[Tfug] Stopping repeated login attempts

Jon bigj at voipmogul.net
Thu Jan 28 09:03:12 MST 2010


John Gruenenfelder wrote:
> On Mon, Jan 25, 2010 at 10:57:13PM -0700, Louis Taber wrote:
>   
>> Denyhosts looks interesting:  http://stats.denyhosts.net/stats.html
>>
>> What works best for the effort needed to set it up?
>> What is going to require the least long term maintenance?
>>
>> Thanks.  - Louis
>>     
>
> I second the use of DenyHosts.  I'm using it on all of my machines with Net
> exposed SSH access.  It is very fast and easy to set up and it works wonders
> against brute force attacks and will stop them in very short order.
>
> It also recognizes the difference between a remote attacker trying random
> users and somebody repeatedly going after an existing account.  You can make
> it more or less lenient towards different types of "attacks" so that you don't
> accidentally lock somebody out who is a lousy typist.  DenyHosts can also
> reset the counters upon successful login, if you wish, which significantly
> lowers the chances of accidental lockout.
>
> Lastly, I find it much more robust than an inetd or sshd based solution and
> much easier to handle than a firewall-only based one.
>
>
>   
No, no, no. According to some experts on this list you just change the 
port number and your problem is solved. Why would you want to *actually* 
fix the problem when you can just "move" the problem hoping no one finds 
it again?

Where's the "SarcMark" when you need one :)

-- 
Jon
www.VoIPmogul.net
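
The behaviour described in the quoted reply (separate tolerance for non-existent users and real accounts, with an optional counter reset on successful login), sketched as an added example that is not part of the original message and is not DenyHosts' own code. The thresholds, function name and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical thresholds: strict for unknown users, lenient for real accounts.
INVALID_LIMIT = 3
VALID_LIMIT = 4

FAILED = re.compile(r"Failed password for (invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"Accepted \S+ for (\S+) from (\S+) port")

# Constructed sshd log lines (documentation IP ranges, made-up users).
SAMPLE_LOG = """\
Jan 28 09:00:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2
Jan 28 09:00:02 host sshd[102]: Failed password for invalid user test from 203.0.113.5 port 4002 ssh2
Jan 28 09:00:03 host sshd[103]: Failed password for invalid user oracle from 203.0.113.5 port 4003 ssh2
Jan 28 09:01:01 host sshd[111]: Failed password for alice from 198.51.100.7 port 5001 ssh2
Jan 28 09:01:09 host sshd[112]: Failed password for alice from 198.51.100.7 port 5002 ssh2
Jan 28 09:01:15 host sshd[113]: Failed password for alice from 198.51.100.7 port 5003 ssh2
Jan 28 09:01:22 host sshd[114]: Accepted password for alice from 198.51.100.7 port 5004 ssh2
Jan 28 13:10:01 host sshd[115]: Failed password for alice from 198.51.100.7 port 5005 ssh2
Jan 28 13:10:08 host sshd[116]: Failed password for alice from 198.51.100.7 port 5006 ssh2
Jan 28 14:00:01 host sshd[121]: Failed password for bob from 192.0.2.9 port 6001 ssh2
Jan 28 14:00:02 host sshd[122]: Failed password for bob from 192.0.2.9 port 6002 ssh2
Jan 28 14:00:03 host sshd[123]: Failed password for bob from 192.0.2.9 port 6003 ssh2
Jan 28 14:00:04 host sshd[124]: Failed password for bob from 192.0.2.9 port 6004 ssh2
"""

def hosts_to_deny(log_text, reset_on_success=True):
    """Return source IPs, in order of first offence, that crossed a threshold."""
    invalid, valid, denied = defaultdict(int), defaultdict(int), []
    for line in log_text.splitlines():
        failed = FAILED.search(line)
        if failed:
            is_invalid, ip = failed.group(1), failed.group(3)
            counts, limit = (invalid, INVALID_LIMIT) if is_invalid else (valid, VALID_LIMIT)
            counts[ip] += 1
            if counts[ip] >= limit and ip not in denied:
                denied.append(ip)
            continue
        accepted = ACCEPTED.search(line)
        if accepted and reset_on_success and accepted.group(2) not in denied:
            # A real login clears the host's valid-account failures only.
            valid[accepted.group(2)] = 0
    return denied

if __name__ == "__main__":
    print(hosts_to_deny(SAMPLE_LOG))                          # reset enabled
    print(hosts_to_deny(SAMPLE_LOG, reset_on_success=False))  # reset disabled
```

With the reset enabled, the host where alice mistypes, logs in and later mistypes again stays off the deny list; with it disabled, the same host is blocked alongside the two hosts that never authenticate.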




