Note to LEAF users on ssh logins
Martin P. Hellwig
mhellwig at xs4all.nl
Thu Mar 3 03:05:15 PST 2005
Matthew Dillon wrote:
Leaf and, in fact, all of my machines which have open ssh ports are getting
random hack attempts, about 20-30 a day in short bursts, usually from a
different IP address each day. I talked with a few sysop friends and
their boxes are getting similar traffic. The hack attempts primarily
try to ssh to root, admin, and a bunch of microsoft-soundy names. It looks
fairly coordinated, like it is trying a couple of passwords a each day
then trying again with different passwords the next day.
<cut>
Yeah all my boxes have the same, mosty asian IP's though, perhaps it
would be nice to have a default something in the system that can be
turned on vi rc.conf that whenever there are more then 10 login attemps
within 5 minutes that IP gets blocked for say 48 hours?
--
mph
More information about the Users
mailing list