Op donderdag 14 februari 2013 04:56:53 schreef Stroller: > > On 14 February 2013, at 04:13, Daniel Frey wrote: > > ... > > I've poked into this a bit more, and every 60 seconds 5 attempts at > > logon are being madeā¦ This weekend I'll reformat & reinstall. > > Excuse me if this is a dumb question, but does this machine have any ports > open to the internet? > > This thread reminds me of how we sometimes hear of logfiles full of many ssh > attempts made by script kiddies and botnets. > > Stroller. > > Same here, I've seen multitudes of messages like this, with different user names, in log files on servers with open ports 22. As long as you don't allow interactive logins you shoud be fine, right?
I think there might also be some advanced iptables hacking that might help you block too many requests from the same source IP. This is still on my list of stuff to look at 'some time'. One thing I have used with apparent succes is access a different port on the outside, and redirect that to 22 on the inside. It's security through obscurity, I know, but it seemed quite effective nonetheless. Cheers, Paul
