Steve wrote:
[...] Sure, I could use IPtables to block all these bad ports... or... I could disable password authentication entirely... but I keep thinking that there has to be something better I can do... any suggestions?
I'm using DenyHosts to battle this. It adds the IPs to /etc/hosts.deny after a configurable amount of failed logins. It even downloads an online list of IPs where attacks originate from and uploads attacks to your box to this list too (if you allow it in the configuration).
After I installed this, no more brute-forcing :) I used to have thousands per day.
http://www.denyhosts.net It's in portage.
