SSH Bot attack Prevention

Charles Curley charlescurley at charlescurley.com
Wed Mar 14 11:08:54 MDT 2007


On Wed, Mar 14, 2007 at 10:40:44AM -0600, Adam Findley wrote:
> So I am getting hit by ssh bots like crazy. It seems that they have
> discovered my ssh server.  Anywho, while they are not getting in, they
> are killing my bandwidth.  There is this article I found that after 15
> failed attempts it adds your ip to a block list.  While this sounds like
> a great solution, it is based on BSD.  Does anyone know of a linux solution?

Consider moving your SSH to a different port, and maybe move it around
from time to time (and let your users know). Then you can just deny 22

But the iptables suggestions other have made might be good for the new
port as well.

-- 

Charles Curley                  /"\    ASCII Ribbon Campaign
Looking for fine software       \ /    Respect for open standards
and/or writing?                  X     No HTML/RTF in email
http://www.charlescurley.com    / \    No M$ Word docs in email

Key fingerprint = CE5C 6645 A45A 64E4 94C0  809C FFF6 4C48 4ECD DFDB
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://plug.org/pipermail/plug/attachments/20070314/78ac7dd8/attachment.bin 


More information about the PLUG mailing list