Hi, I would suggest using ssh with RSA key pairs and passphrases only. Don't allow password-based login or root login over ssh. Only allow root to log in using the console and use sudo for all admin tasks.
I have not tried this myself but you could use tcpwrappers and write a script to add the IP address from repeated failed messages to the hosts.deny file. There are various scripts already written to do this. A quick Google search found this http://security.linux.com/article.pl?sid=05/09/15/1655234 (it's about Linux but I am sure the same approach applies to FreeBSD.)

Hope this helps

John

[EMAIL PROTECTED] wrote on 09/05/2006 15:54:03:

> More and more each day I am seeing my root emails contain hundreds
> of entries like this:
>
> May 8 02:23:35 warpstone sshd[26092]: Failed password for root from 222.185.245.208 port 50519 ssh2
> May 8 16:37:41 warpstone ftpd[34713]: FTP LOGIN FAILED FROM 211.44.250.152, Administrator
>
> Basically, people are attempting to hack into my server often
> with a few thousands of attempts each day. What measures can I take
> to stop these attempts? Is there a way I can detect these attacks
> and automatically cut them off? Are any of the security ports
> effective against this?
>
> Thank you!
>
> M Goodell
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
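The approach suggested in the reply above (collect source addresses from repeated failed-login messages and list them in hosts.deny), as an added example that is not part of the original thread or of the scripts it links to. The threshold, the `ALL: <ip>` entry format, the function names and the sample log are assumptions made for illustration; the two patterns follow the log formats quoted in the question.

```python
import ipaddress
import re
from collections import Counter

# The sshd pattern is anchored at the end of the line and its user field is
# greedy, so a crafted username containing " from <ip> port 1 ssh2" cannot
# plant a different address: only the last "from ... port ..." is captured.
PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$"),
    re.compile(r"ftpd\[\d+\]: FTP LOGIN FAILED FROM ([^,\s]+),"),
]

def failed_sources(lines):
    """Count failed logins per source address, skipping unparsable sources."""
    counts = Counter()
    for line in lines:
        m = next(filter(None, (p.search(line.rstrip()) for p in PATTERNS)), None)
        if m is None:
            continue
        try:
            counts[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            pass  # hostname or garbage: never write it into hosts.deny
    return counts

def deny_entries(lines, threshold=3, allow=(), existing=()):
    """Return new hosts.deny lines for sources at or above the threshold."""
    allowed = {str(ipaddress.ip_address(a)) for a in allow}
    out = []
    for ip, n in sorted(failed_sources(lines).items()):
        entry = f"ALL: {ip}"
        if n >= threshold and ip not in allowed and entry not in existing:
            out.append(entry)
    return out

# Constructed sample log (documentation addresses, not from the original message).
SAMPLE = """\
May 8 02:23:35 warpstone sshd[26092]: Failed password for root from 203.0.113.7 port 50519 ssh2
May 8 02:23:38 warpstone sshd[26093]: Failed password for invalid user admin from 203.0.113.7 port 50522 ssh2
May 8 02:23:41 warpstone sshd[26094]: Failed password for root from 203.0.113.7 port 50530 ssh2
May 8 16:37:41 warpstone ftpd[34713]: FTP LOGIN FAILED FROM 198.51.100.9, Administrator
May 8 16:37:44 warpstone ftpd[34714]: FTP LOGIN FAILED FROM 198.51.100.9, Administrator
May 8 16:40:02 warpstone sshd[26120]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 198.51.100.9 port 40000 ssh2
May 8 17:01:15 warpstone sshd[26130]: Accepted password for john from 192.0.2.10 port 51000 ssh2
""".splitlines()

if __name__ == "__main__":
    print("\n".join(deny_entries(SAMPLE, allow=["192.0.2.10"])))
```

The script only prints candidate entries; pass your own management addresses in `allow` and review the output before appending it to hosts.deny, since a wrong entry locks that address out of every wrapped service.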