I have an FC2 machine exposed to the Internet, supporting web, ftp, ssh and a few other functions. Each day I read the logs and see one or two visitors trying to log into ssh as "admin", "guest", "test" and "user" with one try each with a password and one without. The IP address is always different, but the fact that the pattern of names and attempts is always the same suggests script kiddies.

I manually add the IP address to an iptables chain so that all future packets from that address are dropped.

For a while, I was looking up the addresses and sending email to their local abuse@ website, but that got to be too much work.

Anyone have a suggestion re:

1) are these appropriate actions to take?
2) is there any easier way to do it?
3) is there something else I ought to be doing?

Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com
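
Added example, not part of the original post: one way to automate the log-reading step described above, picking out source addresses that fail logins for several of the four names and building the matching `iptables` drop commands without running them. The chain name `SSH_BLOCK`, the threshold, the allow list and the sample log lines are assumptions constructed for illustration; the log format assumed is the OpenSSH "Failed password/none for ..." syslog line.

```python
import ipaddress
import re
from collections import defaultdict

PROBE_USERS = {"admin", "guest", "test", "user"}   # names listed in the post
CHAIN = "SSH_BLOCK"                                # hypothetical chain name

# The user field is attacker-controlled, so it is matched greedily and the
# address is taken only from the final " from <ip> port <n>" on the line.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed (?:password|none) for "
    r"(?:(?:invalid|illegal) user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+(?: ssh\d?)?$"
)

def probing_sources(lines, min_names=3, allow=("127.0.0.0/8",)):
    """Return sorted source IPs that failed logins for >= min_names probe users."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    seen = defaultdict(set)
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m or m.group("user") not in PROBE_USERS:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue                      # not a literal address: ignore
        if any(ip in net for net in allowed):
            continue                      # never block our own ranges
        seen[ip].add(m.group("user"))
    return sorted(str(ip) for ip, names in seen.items() if len(names) >= min_names)

def block_commands(ips):
    """Build iptables argument vectors for review; nothing is executed here."""
    return [["iptables", "-A", CHAIN, "-s", ip, "-j", "DROP"] for ip in ips]

# Constructed sample lines (documentation addresses, not real log data).
SAMPLE = [
    "Aug  1 03:12:01 host sshd[2101]: Failed password for illegal user admin from 203.0.113.5 port 4001 ssh2",
    "Aug  1 03:12:02 host sshd[2102]: Failed none for illegal user guest from 203.0.113.5 port 4002 ssh2",
    "Aug  1 03:12:03 host sshd[2103]: Failed password for illegal user test from 203.0.113.5 port 4003 ssh2",
    "Aug  1 03:12:04 host sshd[2104]: Failed password for illegal user user from 203.0.113.5 port 4004 ssh2",
    # A real account mistyping its password must not be blocked.
    "Aug  1 09:30:11 host sshd[2200]: Failed password for ted from 198.51.100.7 port 5000 ssh2",
    # Username crafted to look like a log suffix naming someone else's address.
    "Aug  1 10:00:00 host sshd[2300]: Failed password for illegal user admin from 10.0.0.1 port 22 ssh2 from 198.51.100.9 port 4100 ssh2",
]

if __name__ == "__main__":
    for argv in block_commands(probing_sources(SAMPLE)):
        print(" ".join(argv))
```

The address is validated with `ipaddress` and passed as a separate argument rather than spliced into a shell string, so text copied from a log line never reaches a shell.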

_______________________________________________
gnhlug-discuss mailing list
[EMAIL PROTECTED]
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss