[Tfug] Stopping repeated login attempts
brandon
brandons.daemon at gmail.com
Tue Jan 26 18:07:18 MST 2010
On Mon, Jan 25, 2010 at 10:57 PM, Louis Taber <ltaber at gmail.com> wrote:
> Hi,
>
> Looking at my log files I am getting repeated login attempts from China. I
> changed my NAT port setting in the router and it slowed down for a few
> hours. What is the best way for dealing with this? I don't think a manual
> solution will be the best.
>
> http://www.okean.com/antispam/iptables/rc.firewall.china has a list of
> Chinese IP addresses for blocking spam.
>
> Denyhosts looks interesting: http://stats.denyhosts.net/stats.html
>
> What works best for the effort needed to set it up?
> What is going to require the least long term maintenance?
>
> Thanks. - Louis
>
>
>
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
>
I agree with what others have said here. For ~2 years now I have monitored
the logs for my current employer. We run sshd on a non standard port and I
have not seen one failed login attempt. Non standard port along with only
allowing ssh login with keys has worked really well for us. I have also
thought about Fail2Ban but there is always the possibility that a half awake
admin could lock themselves out at 2 am from some random IP address.
-Brandon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tfug.org/pipermail/tfug_tfug.org/attachments/20100126/d5801ffe/attachment-0002.html>
More information about the tfug
mailing list