On Fri, Oct 09, 2009 at 08:35:25PM +0200, Niki Kovacs wrote:
>
> I just set up a web server... and my bandwidth is being eaten by some
> Chinese folks trying to brute-force-ssh their way into the machine.
>
> Is there a simple way to banish either single IP addresses or, maybe
> even better, whole IP classes? I know it's feasible with iptables, but
> is there something more easily configurable?

I also use denyhosts. The memory footprint is not quite so bad for one host; mine is currently using 13m of resident memory, and a total of 92m of shared memory (from top). But I do see that running hundreds of denyhosts processes could be a memory issue; perhaps it could be hacked to run on the main host and propagate its entries to the virtual hosts.

Anyway, the main issue with denyhosts, and even iptables, is that the traffic still comes over your line. If you have a slow link, the attacks are still going to eat your bandwidth, which can be frustrating. Apart from getting your ISP to block them at the other end, I don't know a good solution to this problem. (It is alleviated somewhat if the attackers realize they've been blocked and move on, so an iptables solution might be a bit better.)

--keith

--
kkeller at speakeasy.net
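The thread contrasts denyhosts (which watches the sshd log and maintains a deny list) with hand-written iptables rules. As an added illustration, not code from either poster or from the denyhosts project, the script below does the core of what denyhosts does in a few lines of POSIX shell: it extracts the source address from each "Failed password" line, counts failures per address, and prints (without executing) an iptables DROP rule for every address at or above a threshold. The log lines are constructed samples using documentation address ranges; the function names, the threshold, and the choice of a /24 as the "whole IP class" Niki asked about are all assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample of sshd log lines (not taken from the mailing-list thread).
# 203.0.113.7 fails four times, 198.51.100.22 once, 192.0.2.10 logs in with a key.
SAMPLE_LOG=$(cat <<'EOF'
Oct  9 20:31:01 web sshd[4011]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Oct  9 20:31:03 web sshd[4013]: Failed password for root from 203.0.113.7 port 51030 ssh2
Oct  9 20:31:05 web sshd[4015]: Failed password for invalid user oracle from 203.0.113.7 port 51041 ssh2
Oct  9 20:31:09 web sshd[4017]: Failed password for invalid user test from 198.51.100.22 port 40012 ssh2
Oct  9 20:31:12 web sshd[4019]: Accepted publickey for keith from 192.0.2.10 port 50001 ssh2
Oct  9 20:31:20 web sshd[4021]: Failed password for invalid user admin from 203.0.113.7 port 51055 ssh2
EOF
)

# offenders LOGTEXT THRESHOLD
# Print each source IP that produced at least THRESHOLD failed password
# attempts. Only "Failed password" lines are considered, so successful
# logins and other sshd noise never contribute to a ban.
offenders() {
  printf '%s\n' "$1" |
    sed -n 's/.*sshd\[[0-9]*\]: Failed password for .* from \([0-9.]*\) port .*/\1/p' |
    sort | uniq -c |
    awk -v t="$2" '$1 >= t { print $2 }'
}

# block_rules LOGTEXT THRESHOLD
# Dry run: print one iptables rule per offender instead of applying it, so
# the output can be reviewed (or piped to sh) before any rule is inserted.
block_rules() {
  offenders "$1" "$2" | while read -r ip; do
    printf 'iptables -I INPUT -s %s -p tcp --dport 22 -j DROP\n' "$ip"
  done
}

# class_rule IP
# Rule for the enclosing /24, the "whole IP class" variant from the thread.
# Blocking a whole block is a blunt instrument; use it only when the log shows
# the attempts spread across many hosts of the same range.
class_rule() {
  printf '%s\n' "$1" |
    awk -F. '{ printf "iptables -I INPUT -s %s.%s.%s.0/24 -p tcp --dport 22 -j DROP\n", $1, $2, $3 }'
}

# Usage on a real host: block_rules "$(cat /var/log/secure)" 5
block_rules "$SAMPLE_LOG" 3
```

Run against the sample with a threshold of 3, the script emits a single rule for 203.0.113.7 and leaves the one-off failure from 198.51.100.22 alone. Keith's caveat still applies to anything this produces: a DROP rule on the host stops sshd from answering, but the attacker's packets have already crossed your link, so it saves CPU and log noise rather than bandwidth.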