Re: SSH hack attempts… bad?
jonathan at jkdwebmagic.com
Tue Apr 11 21:11:22 MDT 2006
On Tue, 11 Apr 2006, Justin Findlay wrote:
> On 4/11/06, Wade Preston Shearer <lists at wadeshearer.com> wrote:
>> My server can get up to ~12,000 failed login attempts recorded in
>> my server's logs in one day. How much of a concern should this be? I
>> am aware of restricting shell access to certain IPs. Will that
>> restrict the handshake or will I still see the attempts in my logs?
>> Are there any ways to restrict the attempts?
> What I've done: 1. Change ssh port to a random non privileged, non
> used port. 2. Use good passwords. 3. Install DenyHosts and change
> the default "protective" settings to "brutally unforgiving" as in
> after 5 tries at a password on any account real or fantastic, that
> host is denied all services for forever.
> You might want to read a recent SLLUG thread on this.
As Justin suggests, there are scripts out there that will block any
attempts from a single IP after a certain number of tries. I use one on
my web hosting servers and it keeps the traffic down greatly. Massive
login attempts can cause DoS, which is a bad thing in the web hosting
business, as you know.
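
The kind of per-IP blocking script mentioned in this message, as an added example that is not code from the thread, from DenyHosts, or from either poster: it counts failed password lines in OpenSSH-style log text and lists addresses at or above five failures, the threshold Justin quotes. The log line format, the sample lines, the function names and the `ALL:` hosts.deny output are assumptions.

```python
import re
from collections import Counter

# The user name is remote-controlled text, so match it greedily and anchor at
# the end of the line: only the trailing "from IP port N" written by sshd counts.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d)?\s*$"
)

def failed_by_ip(log_text):
    """Count failed password attempts per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts

def hosts_to_deny(log_text, threshold=5, allow=()):
    """IPs with at least `threshold` failures, minus an operator allowlist."""
    counts = failed_by_ip(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold and ip not in allow)

def deny_lines(ips):
    """Render TCP-wrappers entries that deny every service to each host."""
    return [f"ALL: {ip}" for ip in ips]

# Constructed sample log (documentation-range addresses, not from the thread).
_PFX = "Apr 11 20:01:{:02d} web1 sshd[2101]: "
SAMPLE_LOG = "\n".join(
    [_PFX.format(s) + "Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2" for s in range(4)]
    + [_PFX.format(10) + "Failed password for root from 203.0.113.7 port 40113 ssh2",
       # user name shaped like a second source address; must not be counted
       _PFX.format(11) + "Failed password for invalid user x from 192.0.2.99 port 22 ssh2 from 203.0.113.7 port 40114 ssh2",
       _PFX.format(20) + "Failed password for alice from 198.51.100.20 port 51000 ssh2",
       _PFX.format(21) + "Accepted password for alice from 198.51.100.20 port 51001 ssh2"]
)

if __name__ == "__main__":
    for ip, n in failed_by_ip(SAMPLE_LOG).most_common():
        print(f"{n:3d} {ip}")
    print("\n".join(deny_lines(hosts_to_deny(SAMPLE_LOG))))
```

The `allow` parameter keeps an administrator's own address from being listed after a run of mistyped passwords.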