On 4/9/2010 15:42, Benjamin Billon wrote:
>
>>> This is also blocking Sina, Netease, Yahoo.cn and other major
>>> Chinese ISP/ESP. Am I the only one to think this is not very smart?
>>
>> It depends. I'm not a fan of country blocking. But in my case it can
>> work for a home server. You could adapt the list and block port 22
>> only for production servers where you can't expect to never have
>> email from China, but can safely block brute force ssh attacks.
>>
> Yep, home server, your server. That's not the same when you have
> customers who rely on your server.
> IMHO, port 22 and other critical ports should always be blocked except
> from known places.
>
I personally use a port knocking setup and it pretty much eliminates SSH brute force account/password hacks. Actually, on one box that didn't have the ability to do that, I simply moved the SSH port. This was surprisingly effective, although a bit inconvenient.
I'll have to say that a very large number of the brute attempts were from Chinese IPs. Hopefully they're not reading this. ;-)
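To make the port-knocking idea in the reply above concrete, here is an added example (not the poster's setup and not any particular knock daemon) of the state machine a knock daemon keeps per source address: a secret sequence of SYNs to closed ports, completed within a short window, temporarily opens port 22 for that address only, while an out-of-order port or a timeout resets the attempt. The knock sequence, the timing windows and the replayed connection attempts are all constructed for the demonstration.

```python
# Added example: a minimal port-knocking state machine of the kind the post
# describes. Illustrative code only; the sequence, windows and sample events
# below are constructed for this demonstration.

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed secret sequence of closed ports
KNOCK_WINDOW = 10.0                  # seconds allowed to finish the sequence
OPEN_DURATION = 30.0                 # seconds port 22 stays open afterwards
SSH_PORT = 22


class KnockDaemon:
    """Tracks per-source knock progress and temporary SSH allowances."""

    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW,
                 open_for=OPEN_DURATION):
        self.sequence = tuple(sequence)
        self.window = window
        self.open_for = open_for
        self.progress = {}  # src_ip -> (index of next expected port, deadline)
        self.opened = {}    # src_ip -> time at which the SSH allowance expires

    def observe_knock(self, src_ip, dst_port, now):
        """Feed one inbound SYN to a closed port. Returns True when the
        sequence completes and SSH is opened for src_ip."""
        idx, deadline = self.progress.get(src_ip, (0, now + self.window))
        if now > deadline:
            # Too slow: start over from the first port.
            idx, deadline = 0, now + self.window
        if dst_port == self.sequence[idx]:
            idx += 1
            if idx == len(self.sequence):
                self.opened[src_ip] = now + self.open_for
                self.progress.pop(src_ip, None)
                return True
            self.progress[src_ip] = (idx, deadline)
        else:
            # Any out-of-order port resets the attempt, so a sequential port
            # sweep never completes the sequence.
            self.progress.pop(src_ip, None)
        return False

    def allows(self, src_ip, dst_port, now):
        """Firewall decision for a SYN to dst_port from src_ip."""
        if dst_port != SSH_PORT:
            return False  # everything else stays closed in this toy policy
        expiry = self.opened.get(src_ip)
        if expiry is None:
            return False
        if now > expiry:
            del self.opened[src_ip]
            return False
        return True


def run_scenarios():
    """Replay constructed connection attempts and report which sources reach
    SSH. Each event is (src_ip, dst_port, timestamp_seconds)."""
    scenarios = {
        # Knows the sequence and connects promptly.
        "legit": [("192.0.2.10", 7000, 0.0), ("192.0.2.10", 8000, 1.0),
                  ("192.0.2.10", 9000, 2.0), ("192.0.2.10", 22, 3.0)],
        # Sweeps ports in order; 7001 lands between the knocks and resets it.
        "scanner": [("198.51.100.7", 7000, 0.0), ("198.51.100.7", 7001, 0.1),
                    ("198.51.100.7", 8000, 0.2), ("198.51.100.7", 9000, 0.3),
                    ("198.51.100.7", 22, 0.4)],
        # Knows the sequence but exceeds the 10 s window.
        "too_slow": [("203.0.113.5", 7000, 0.0), ("203.0.113.5", 8000, 1.0),
                     ("203.0.113.5", 9000, 20.0), ("203.0.113.5", 22, 21.0)],
        # Completes the sequence but waits past the 30 s open window.
        "expired": [("192.0.2.20", 7000, 0.0), ("192.0.2.20", 8000, 1.0),
                    ("192.0.2.20", 9000, 2.0), ("192.0.2.20", 22, 50.0)],
    }
    results = {}
    for name, events in scenarios.items():
        daemon = KnockDaemon()
        reached_ssh = False
        for src, port, ts in events:
            if port == SSH_PORT:
                reached_ssh = daemon.allows(src, port, ts)
            else:
                daemon.observe_knock(src, port, ts)
        results[name] = reached_ssh
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:9s} -> {'SSH reachable' if ok else 'dropped'}")
```

In practice the same logic lives in the firewall (tools such as knockd, or iptables rules built on the `recent` match) so that the kernel drops the SYNs and the knock daemon never exposes a listening socket itself. Moving sshd to a non-standard port, the fallback mentioned above, only reduces the volume of opportunistic attempts; it does not gate access per source the way the knock sequence does, so key-only authentication and rate limiting on the SSH port remain worthwhile alongside either approach.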