[Tfug] Stopping repeated login attempts
Jeff Breadner
jeff at breadner.ca
Tue Jan 26 19:44:37 MST 2010
U
On Jan 26, 2010, at 6:07 PM, brandon <brandons.daemon at gmail.com> wrote:
> On Mon, Jan 25, 2010 at 10:57 PM, Louis Taber <ltaber at gmail.com>
> wrote:
> Hi,
>
> Looking at my log files I am getting repeated login attempts from
> China. I changed my NAT port setting in the router and it slowed
> down for a few hours. What is the best way for dealing with this?
> I don't think a manual solution will be the best.
>
> http://www.okean.com/antispam/iptables/rc.firewall.china has a list
> of Chinese IP addresses for blocking spam.
>
> Denyhosts looks interesting: http://stats.denyhosts.net/stats.html
>
> What works best for the effort needed to set it up?
> What is going to require the least long term maintenance?
>
> Thanks. - Louis
>
>
>
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
>
> I agree with what others have said here. For ~2 years now I have
> monitored the logs for my current employer. We run sshd on a non
> standard port and I have not seen one failed login attempt. Non
> standard port along with only allowing ssh login with keys has
> worked really well for us. I have also thought about Fail2Ban but
> there is always the possibility that a half awake admin could lock
> themselves out at 2 am from some random IP address.
>
> -Brandon
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tfug.org/pipermail/tfug_tfug.org/attachments/20100126/998e3a49/attachment-0002.html>
More information about the tfug
mailing list