Why don't you have sshd listen on a different port? I was getting 1000's of ssh login attempts until I changed the port sshd was listening on. I've found script kiddies aren't smart enough to check alt ports.

On Sep 17, 2008, at 7:15 PM, Marc G. Fournier wrote:

Does anyone know of a utility that I can use with sshd to auto-block by IP if
there are more than N failed attempts in a row?

ie:

# grep "Invalid user" /var/log/auth.log| awk '{print $10}' | sort | uniq -c | sort -nr
5268 140.113.210.174
4863 72.52.225.116
3586 116.14.255.141
2918 193.205.186.67
2033 219.76.75.6
1308 216.14.127.67
1059 61.72.106.71
983 93.123.14.9
691 202.75.221.197
649 59.77.33.139
381 201.80.15.207
269 190.10.255.73
212 81.252.254.189
181 123.151.32.12
150 211.21.47.50
139 196.219.63.3
128 200.111.64.171

This is for one day ... I'd like to be able to throttle so that after X Invalid
user attempts, the IP gets blocked ...

Possible?

- --
Marc G. Fournier Hub.Org Hosting Solutions S.A. (http://www.hub.org )
Email . [EMAIL PROTECTED]                              MSN . [EMAIL PROTECTED]
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED] "
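
The per-IP count from the quoted pipeline turned into a threshold check, as an added example that is not from either poster. The function names `sample_log` and `offenders`, the log lines and their documentation-range addresses are constructed; it counts totals per log rather than consecutive failures, and handles IPv4 only.

```sh
#!/bin/sh
# Added example, not from the thread. Log lines are constructed and use
# documentation-range addresses.
sample_log() {
cat <<'EOF'
Sep 17 03:10:01 host sshd[101]: Invalid user admin from 203.0.113.5
Sep 17 03:10:03 host sshd[102]: Invalid user test from 203.0.113.5
Sep 17 03:10:05 host sshd[103]: Invalid user oracle from 203.0.113.5
Sep 17 03:10:07 host sshd[104]: Invalid user x from 192.0.2.9 from 203.0.113.5
Sep 17 03:11:00 host sshd[105]: Invalid user guest from 198.51.100.7 port 40022
Sep 17 03:11:02 host sshd[106]: Invalid user info from 198.51.100.7 port 40023
Sep 17 03:11:04 host sshd[107]: Invalid user web from 198.51.100.7 port 40024
Sep 17 03:12:00 host sshd[108]: Invalid user bob from 192.0.2.44
Sep 17 03:12:30 host sshd[109]: Accepted publickey for marc from 192.0.2.10 port 50000 ssh2
EOF
}

# offenders N [FILE...]: print "COUNT IP" for every IPv4 source with at
# least N "Invalid user" lines, highest count first. Reads stdin if no FILE.
offenders() {
    threshold=$1; shift
    awk -v n="$threshold" '
        /sshd\[[0-9]+\]: Invalid user / {
            # Use the token after the LAST "from": the username is chosen by
            # the client, so a fixed field number such as $10 can be shifted.
            ip = ""
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") { ip = $(i + 1); break }
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= n) print count[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# Demo: sources with 3 or more invalid-user attempts in the sample.
sample_log | offenders 3
```

The second column is the address list to hand to whatever block mechanism the firewall provides.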
