Server under SSH brute force attack...please help.
Jefferson Cowart
Jeff.Cowart at libraries.claremont.edu
Tue Sep 25 17:51:31 CDT 2007
I use fail2ban quite happily.
--
Thank You
Jefferson Cowart
Network and Linux Systems Administrator
Libraries Information Technology
> -----Original Message-----
> From: linux-poweredge-bounces at dell.com [mailto:linux-poweredge-
> bounces at dell.com] On Behalf Of Florent Gilain
> Sent: Tuesday, September 25, 2007 15:08
> To: linux-poweredge at dell.com
> Subject: RE: Server under SSH brute force attack...please help.
>
> Thanks to all, i'm going to work seriously on default setup of all my
> boxes
> using all your tips ;-))
>
> PS : I heard about fail2ban utility; any user of it can tell me if it's
> a
> good choice ? (same as denyhost ?)
>
> Thanks
>
> Florent
>
>
>
> -----Message d'origine-----
> De : linux-poweredge-bounces at dell.com
> [mailto:linux-poweredge-bounces at dell.com] De la part de Matt Domsch
> Envoyé : mardi 25 septembre 2007 23:42
> À : Barry Wiseman
> Cc : linux-poweredge at dell.com
> Objet : Re: Server under SSH brute force attack...please help.
>
> On Tue, Sep 25, 2007 at 05:37:47PM -0400, Barry Wiseman wrote:
> > In addition to Pedram's good advice, you might want to check out
> > denyhosts.sourceforge.net. This is a python script that detects
> these
> brute force
> > ssh attacks, and dynamically adds culprit IP addresses to
> /etc/hosts.deny
> so as to
> > shut them down.
>
> I know you're running RHEL3, but Fedora EPEL for RHEL4 and higher
> includes denyhosts, so it's just an 'up2date -i denyhosts' away.
>
> http://fedoraproject.org/wiki/EPEL
>
>
> --
> Matt Domsch
> Linux Technology Strategist, Dell Office of the CTO
> linux.dell.com & www.dell.com/linux
>
> _______________________________________________
> Linux-PowerEdge mailing list
> Linux-PowerEdge at dell.com
> http://lists.us.dell.com/mailman/listinfo/linux-poweredge
> Please read the FAQ at http://lists.us.dell.com/faq
>
> _______________________________________________
> Linux-PowerEdge mailing list
> Linux-PowerEdge at dell.com
> http://lists.us.dell.com/mailman/listinfo/linux-poweredge
> Please read the FAQ at http://lists.us.dell.com/faq
More information about the Linux-PowerEdge
mailing list