On Mon, 2005-12-19 at 09:04 -0500, Tom Buskey wrote: > I've started running something called DenyHosts. If I get N failed > logins from an IP address, it gets added to /etc/hosts.deny and my > sshd never sees that IP again. It's worth checking out. All > automated w/ email alerts, expiration of IPs (or not), number of > failures, etc.
I have to put in another vote for this. DenyHosts (http://denyhosts.sf.net) has decreased my log sizes significantly. Thankfully, it seems as though the scripts that most script kiddies are using seem to stop trying after they get failed connections due to being put in hosts.deny. -- "I have one plan for linux. World Domination." -Linus Torvalds Cole Tuininga Lead Developer Code Energy, Inc [EMAIL PROTECTED] PGP Key ID: 0x43E5755D _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss