Re: SSH hack attempts… bad?

Jonathan Duncan jonathan at jkdwebmagic.com
Tue Apr 11 21:11:22 MDT 2006


On Tue, 11 Apr 2006, Justin Findlay wrote:

> On 4/11/06, Wade Preston Shearer <lists at wadeshearer.com> wrote:
>> My server can get up to ~12,000 [1] failed login attempts recorded in
>> my server's logs in one day. How much of a concern should this be? I
>> am aware of restricting shell access to certain IPs. Will that
>> restrict the handshake or will I still see the attempts in my logs?
>> Are there any ways to restrict the attempts?
>
> What I've done: 1. Change ssh port to a random non-privileged,
> unused port.  2. Use good passwords.  3. Install DenyHosts and change
> the default "protective" settings to "brutally unforgiving" as in
> after 5 tries at a password on any account real or fantastic, that
> host is denied all services for forever.
>
> You might want to read a recent SLLUG thread on this.
>
> http://www.sllug.org/pipermail/sllug-members/2006-March/007499.html
>
>
> Justin
>
>

As Justin suggests, there are scripts out there that will block any 
attempts from a single IP after a certain number of tries.  I use one on 
my web hosting servers and it keeps the traffic down greatly.  Massive 
login attempts can cause a DoS, which is a bad thing in the web hosting
business, as you know.

Jonathan
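
Added example (not part of the original message, and not DenyHosts' own code): the per-IP counting that such blocking scripts perform, using the 5-try threshold mentioned in the quoted reply. The log lines are constructed, the function names are hypothetical, and it assumes OpenSSH's usual "Failed password" syslog format, IPv4 sources and TCP wrappers hosts.deny entries as output.

```python
import re
from collections import Counter

# Anchored at end of line with a greedy username: the address captured is the
# one sshd appended itself, not one an attacker embedded in the username.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$"
)

# Constructed sample log (documentation-range addresses, not real hosts).
SAMPLE_LOG = "\n".join(
    [f"Apr 11 20:01:{s:02d} host sshd[4101]: Failed password for invalid user "
     f"guest{s} from 203.0.113.7 port {40000 + s} ssh2" for s in range(6)]
    + [
        "Apr 11 20:02:00 host sshd[4102]: Failed password for alice "
        "from 192.0.2.10 port 51000 ssh2",
        "Apr 11 20:02:05 host sshd[4102]: Accepted password for alice "
        "from 192.0.2.10 port 51001 ssh2",
        # Username crafted to look like a failure from another host.
        "Apr 11 20:03:00 host sshd[4103]: Failed password for invalid user "
        "x from 198.51.100.9 port 1 ssh2 from 203.0.113.7 port 40100 ssh2",
    ]
)

def offenders(log_text, threshold=5, allow=frozenset()):
    """Return {ip: failures} for sources at or above the threshold."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        # Allow-listed addresses (your own admin hosts) are never counted.
        if m and m.group(1) not in allow:
            counts[m.group(1)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

def hosts_deny_lines(ips, service="sshd"):
    """Format entries for /etc/hosts.deny (TCP wrappers syntax)."""
    return [f"{service}: {ip}" for ip in sorted(ips)]

if __name__ == "__main__":
    for entry in hosts_deny_lines(offenders(SAMPLE_LOG)):
        print(entry)
```

Passing service="ALL" gives the "denied all services" behaviour described in the quoted reply; the allow set keeps a mistyped password from locking out your own address.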


