Chris schreef:
my logs are filled with useless ssh bruteforce attempts - is there
anything i can do to avoid logging random brute force attacks? since i
disallow ssh root login and use the allowuser acl - i guess i could
just avoid logging all these random attacks in my logs.
Any suggestions would be much appreciated. Thanks.
One of the suggestions I have seen on this list is to enable pf and add
an max-src-connection rate for ssh.
So if someone connects, say 4 times within 30 seconds, you block them.
It will not stop the first attempts from being logged but after that you
are in the clear.
Make sure you empty the table with attackers once in a while though.
Matt
