On Sat, Aug 23, 2008 at 5:08 PM, Brad Beyenhof <[EMAIL PROTECTED]> wrote:
> On Sat, Aug 23, 2008 at 4:59 PM, Bob La Quey <[EMAIL PROTECTED]> wrote:
>> I appear to have had a ssh attack on my linode.com box.
>>
>> The auth.log has many lines of this sort of thing:
>>
>> Aug 23 11:23:54 ubuntu sshd[13108]: Failed password for invalid user calisto from 210.143.97.153 port 33742 ssh2
>
> Install denyhosts. It monitors ssh traffic and puts IPs that
> repeatedly try to access your box into /etc/hosts.deny (thereby
> refusing all attempted TCP connections from that address).
>
> I get similar attacks on my Linode all the time (I have the same
> $20/month plan as you), but it doesn't affect my CPU use terribly with
> denyhosts running.
>
> By the way, I also use hosts.allow and hosts.deny to refuse all
> traffic to any ports except 22 and 80. I know I should also implement
> this in iptables, since that outright refuses packets instead of the
> TCP wrapper that accepts the packets and just refuses the
> connection... however, the wrapper does work just fine, at least for
> now.
>
> --
> Brad Beyenhof . . . . . . . . . . . . . . . . . http://augmentedfourth.com
> If the world were merely seductive, that would be easy. If it were merely
> challenging, that would be no problem. But I arise in the morning torn
> between a desire to improve the world and a desire to enjoy the world.
> This makes it hard to plan the day. ~ E.B. White, writer (1899-1985)

Thanks Brad, I am probably going to do that. I might try port knocking
as well but just installing denyhosts and forgetting about the problem
is most likely a better solution. I am somewhat clumsy and forgetful
though so I worry that I might lock myself out :)

BobLQ

PS. I completely agree with your sig. Right now I think I will go take
a walk on the beach. Enjoy wins again.

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
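
The kind of check discussed in this thread, as an added example that is not part of either message and is not denyhosts' own code: it counts failed sshd password attempts per source IP in auth.log lines of the format quoted above and builds `/etc/hosts.deny` entries for repeat offenders. The function names, the threshold of 3, the `allow` set (which addresses the lock-out worry) and the sample log lines are all assumptions made for illustration.

```python
import re
from collections import Counter

# Matches sshd password failures for both valid and invalid users,
# in the auth.log format quoted in the thread.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def count_failures(lines):
    """Return a Counter of failed-password attempts per source IP."""
    hits = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            hits[m.group("ip")] += 1
    return hits

def deny_entries(lines, threshold=3, allow=()):
    """Build hosts.deny lines for IPs at or over the threshold.

    Addresses in `allow` are never blocked, so a mistyped password
    from your own address cannot lock you out.
    """
    hits = count_failures(lines)
    return [
        f"sshd: {ip}"
        for ip, n in sorted(hits.items())
        if n >= threshold and ip not in allow
    ]

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
Aug 23 11:23:54 ubuntu sshd[13108]: Failed password for invalid user calisto from 203.0.113.7 port 33742 ssh2
Aug 23 11:23:57 ubuntu sshd[13110]: Failed password for invalid user admin from 203.0.113.7 port 33790 ssh2
Aug 23 11:24:01 ubuntu sshd[13112]: Failed password for root from 203.0.113.7 port 33811 ssh2
Aug 23 11:30:12 ubuntu sshd[13150]: Failed password for bob from 198.51.100.20 port 40122 ssh2
Aug 23 11:30:15 ubuntu sshd[13150]: Failed password for bob from 198.51.100.20 port 40122 ssh2
Aug 23 11:30:19 ubuntu sshd[13150]: Failed password for bob from 198.51.100.20 port 40122 ssh2
Aug 23 11:31:02 ubuntu sshd[13150]: Accepted password for bob from 198.51.100.20 port 40122 ssh2
Aug 23 11:40:44 ubuntu sshd[13200]: Failed password for invalid user test from 192.0.2.99 port 51515 ssh2
""".splitlines()

if __name__ == "__main__":
    for entry in deny_entries(SAMPLE_LOG, threshold=3, allow={"198.51.100.20"}):
        print(entry)
```

In the sample, 198.51.100.20 reaches the threshold through three mistyped passwords before a successful login, which is exactly the case the `allow` set protects.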
