Toby Bluhm wrote:
> Niki Kovacs wrote:
>> Hi,
>>
>> I just set up a web server... and my bandwidth is being eaten by some
>> Chinese folks trying to brute-force-ssh their way into the machine.
>>
>> Is there a simple way to banish either single IP addresses or, maybe
>> even better, whole IP classes? I know it's feasible with iptables, but
>> is there something more easily configurable?
>>
>> Cheers,
>>
>
>
> Try fail2ban from rpmforge.
>
>

Also, if you're using the standard fw that ships with CentOS, you can stop
entire blocks of IPs by manually inserting rules after iptables starts:

iptables -I RH-Firewall-1-INPUT 1 -s 1.2.3.4/24 -p tcp --dport 22 -j DROP

IP ranges by country:

http://www.countryipblocks.net/country-blocks/select-formats/

The IP ranges will change from time to time, so you have to check often.
You could script in a download from

http://www.countryipblocks.net/continents/

to keep it current.

Like someone said, if you have to keep ssh open to the world, changing the
port number will dramatically cut down on the attempts.

-- 
tkb
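
An added example, not part of the original message: a dry-run script that turns a downloaded range list into rules of the form shown above, validating every entry first because the list is untrusted input. The list format (one CIDR per line, '#' comments), the function names and the sample ranges are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run: prints rules, executes nothing.
CHAIN="RH-Firewall-1-INPUT"   # chain and port as in the message above
PORT=22

# valid_cidr STR: succeed only for a.b.c.d/n with octets 0-255 and n 0-32.
valid_cidr() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac   # digits, dots, slash only
    addr=${1%/*} bits=${1#*/}
    case "$bits" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    case "$addr" in *.*.*.*.*) return 1 ;; *.*.*.*) ;; *) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs   # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# emit_rules: read a CIDR list on stdin (assumed format: one per line,
# '#' starts a comment); print one DROP rule per unique valid entry.
emit_rules() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' | sort -u |
    while IFS= read -r cidr; do
        [ -n "$cidr" ] || continue
        if valid_cidr "$cidr"; then
            printf 'iptables -I %s 1 -s %s -p tcp --dport %s -j DROP\n' \
                "$CHAIN" "$cidr" "$PORT"
        else
            printf 'rejected: %s\n' "$cidr" >&2   # never reaches iptables
        fi
    done
}

# Constructed sample list: RFC 5737 documentation ranges plus bad lines.
sample_list() {
    cat <<'EOF'
192.0.2.0/24
198.51.100.0/24   # trailing comment
192.0.2.0/24
203.0.113.0/33
10.0.0.0/8; reboot
300.1.1.0/24
EOF
}

sample_list | emit_rules
```

Review the printed commands before feeding them to a root shell; rejected lines are reported on stderr.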