On Fri, Feb 01, 2008 at 06:11:17PM +1100, Chris wrote:
> My logs are filled with useless ssh bruteforce attempts - is there
> anything I can do to avoid logging random brute force attacks? Since I
> disallow ssh root login and use the allowuser acl - I guess I could
> just avoid logging all these random attacks in my logs.
> Any suggestions would be much appreciated. Thanks.

For a start, you can use DenyHosts [0], which would add the "attacking"
IP in your hosts.deny file after a certain number of failed connection
attempts so that they won't even be able to establish a connection to
the SSH daemon. It won't solve your problem by itself, but will at least
greatly diminish the entries in your log files.

You have to be careful, though, to have a good hosts.allow file
(whitelisting your domains/IPs) in order not to lock yourself out by mistake
(sometimes, too much alcohol doesn't help correctly remembering one's
password...).

[0] http://denyhosts.sf.net

-- 
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654  6DFB 6845 4071 E346 2FD1
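
The approach described in the reply above, as an added Python sketch (not part of the original message and not DenyHosts' own code): count failed sshd logins per source address and emit hosts.deny lines once a threshold is reached, skipping whitelisted networks. The function names, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of OpenSSH auth log lines (documentation addresses).
SAMPLE_LOG = """\
Feb  1 06:01:10 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Feb  1 06:01:12 host sshd[2103]: Failed password for root from 203.0.113.7 port 40115 ssh2
Feb  1 06:01:15 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40119 ssh2
Feb  1 06:02:40 host sshd[2110]: Failed password for chris from 192.0.2.25 port 51000 ssh2
Feb  1 06:02:44 host sshd[2112]: Failed password for chris from 192.0.2.25 port 51002 ssh2
Feb  1 06:02:49 host sshd[2114]: Failed password for chris from 192.0.2.25 port 51004 ssh2
Feb  1 06:03:00 host sshd[2116]: Accepted password for chris from 192.0.2.25 port 51006 ssh2
Feb  1 06:05:31 host sshd[2120]: Failed password for invalid user oracle from 198.51.100.9 port 33100 ssh2
"""

# The user name is chosen by the remote side and may contain " from <ip> port",
# so the greedy ".*" makes the capture bind to the LAST "from ... port" on the
# line, which is the address sshd itself logged.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\S+) port \d+(?: ssh\d?)?\s*$"
)

def failures_by_ip(log_text):
    """Return a Counter mapping source address -> number of failed logins."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            counts[ipaddress.ip_address(match.group(1))] += 1
        except ValueError:
            continue  # not a literal IP address; ignore the line
    return counts

def deny_entries(log_text, threshold, allow_nets):
    """Build hosts.deny lines for addresses at or above the threshold,
    never listing an address inside a whitelisted network."""
    allowed = [ipaddress.ip_network(net) for net in allow_nets]
    counts = failures_by_ip(log_text)
    entries = []
    for ip in sorted(counts, key=lambda a: (a.version, int(a))):
        if counts[ip] < threshold or any(ip in net for net in allowed):
            continue
        entries.append(f"sshd: {ip}")
    return entries
```

Calling `deny_entries(SAMPLE_LOG, 3, [])` also lists 192.0.2.25, the address of a legitimate user who mistyped a password three times, which is the lockout the whitelist is there to prevent.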
