[Tfug] Stopping repeated login attempts

brandon brandons.daemon at gmail.com
Tue Jan 26 18:07:18 MST 2010


On Mon, Jan 25, 2010 at 10:57 PM, Louis Taber <ltaber at gmail.com> wrote:

> Hi,
>
> Looking at my log files I am getting repeated login attempts from China.  I
> changed my NAT port setting in the router and it slowed down for a few
> hours.  What is the best way for dealing with this?  I don't think a manual
> solution will be the best.
>
> http://www.okean.com/antispam/iptables/rc.firewall.china has a list of
> Chinese IP addresses for blocking spam.
>
> Denyhosts looks interesting:  http://stats.denyhosts.net/stats.html
>
> What works best for the effort needed to set it up?
> What is going to require the least long term maintenance?
>
> Thanks.  - Louis
>
>
>
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
>
I agree with what others have said here. For ~2 years now I have monitored
the logs for my current employer. We run sshd on a non standard port and I
have not seen one failed login attempt. Non standard port along with only
allowing ssh login with keys has worked really well for us. I have also
thought about Fail2Ban but there is always the possibility that a half awake
admin could lock themselves out at 2 am from some random IP address.

-Brandon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tfug.org/pipermail/tfug_tfug.org/attachments/20100126/d5801ffe/attachment-0002.html>


More information about the tfug mailing list