[wplug] Any tips against this kind of ssh break-in?
Aaron Johnson
aaronjoh at andrew.cmu.edu
Fri Jul 15 08:56:45 EDT 2005
I was just looking into this a week ago. The best I came up with is:
http://www.aczoom.com/cms/blockhosts
which does what you are asking.
--Aaron
Russ Schneider wrote:
> Occasionally, I get someone trying to break in via ssh, just hammering
> away, I'm assuming just trying to guess passwords automatically.
>
> Example: http://www.sugapablo.net/docs/script-02.txt
>
> I have a firewall, ssh is one of the few open ports. The firewall
> (Netgear) does not let me block IP addresses or IP ranges.
>
> I did notice that in sshd_config, root was allowed to log in. I just
> turned that off.
>
> Luckily, no one has gotten in with this kind of attempt yet. But I was
> wondering if there were any further measures I could take to make sure it
> never happens.
>
> Ideally, I would think there would/should be some kind of measure I could
> take where if an IP address made X number of attempts to log in and failed
> in a Y hour period, that IP address would be blocked from further login
> attempts.
>
> Any such thing available/possible?
>
> Any other suggestions to further tighten things down? What about other
> users in the system like http, mysql, ftp, etc? I *assume* that since
> these users don't have (at least I don't think so) passwords associated
> with them and sshd_config will only allow users with passwords to log in
> that they can't log in. (But I could be wrong.)
>
>
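
The "X failed attempts in a Y hour period" rule asked about in the quoted message, as an added sketch that is not part of the original thread and is not BlockHosts' own code. It assumes OpenSSH's usual syslog line format; the function name, default thresholds and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed OpenSSH syslog format, e.g. "Jul 15 03:12:00 gw sshd[4211]: Failed
# password for invalid user test from 203.0.113.7 port 4120 ssh2"
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:(?:invalid|illegal) user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b"
)

def find_offenders(lines, max_failures=5, window=timedelta(hours=1), year=2005):
    """Return {ip: time at which it reached max_failures failures within window}."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in blocked:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            blocked[m["ip"]] = ts
    return blocked

# Constructed sample log (documentation-range addresses, made-up host and users)
LINE = "Jul 15 {t} gw sshd[4211]: {msg} from {ip} port 4120 ssh2"
SAMPLE = (
    # burst: five failures in eight seconds
    [LINE.format(t=f"03:12:{s:02d}", msg="Failed password for invalid user test",
                 ip="203.0.113.7") for s in range(0, 10, 2)]
    # a real user mistyping twice, hours apart, then logging in
    + [LINE.format(t="01:00:00", msg="Failed password for alice", ip="198.51.100.20"),
       LINE.format(t="04:30:00", msg="Failed password for alice", ip="198.51.100.20"),
       LINE.format(t="04:30:09", msg="Accepted password for alice", ip="198.51.100.20")]
    # failures spaced two hours apart, outside the default one-hour window
    + [LINE.format(t=f"{h:02d}:00:00", msg="Failed password for root",
                   ip="192.0.2.9") for h in range(10, 20, 2)]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"block {ip} (threshold reached {when})")
```

The returned addresses still have to be handed to something on the host that can refuse them, since the firewall described in the quoted message cannot; TCP wrappers' `/etc/hosts.deny` is one option where sshd is built with that support.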