Vreme: 12/07/2011 06:29 PM, Craig White piše: > > On Dec 7, 2011, at 4:49 AM, Johnny Hughes wrote: > >>> There is also use of denyhosts and fail2ban. They allow only few >>> attempts from one IP, and all users can share attacking IP's (default is >>> every 30 min) so you are automatically protected from known attacking >>> IP's. Any downside on this protection? >> >> No downside, and they do work. > ---- > I am a true believer and use denyhosts everywhere but to say there is no downside, that's not entirely true - I had a co-worker who was dyslexic, and you would be surprised how often he locked himself out ;-) Honestly, I don't know how he got a college degree in CIS being as dyslexic as he was. > hehehe. I whitelisted my internal IP's and other friendly IP's like other networks I maintain (and made secure :-) ). -- Ljubomir Ljubojevic (Love is in the Air) PL Computers Serbia, Europe Google is the Mother, Google is the Father, and traceroute is your trusty Spiderman... StarOS, Mikrotik and CentOS/RHEL/Linux consultant