On 7/18/07, Art Edwards <[EMAIL PROTECTED]> wrote:
> 1. Are there repositories of offending IP addresses to block? Can/should
> one contribute to these?

denyhosts does that for you
also have a look at fail2ban which can drop IPs for a certain amount
of time after a certain amount of certain log messages, which are
certainly configurable and certainly I haven't written a sentence yet
that matches the substring <you know which one> that often.

> 2. The attacks never use the same user name more than once. Is there a
> way to block access, even temporarily, from an IP address after a set
> number of attempts, even if the attempts use different user names?

fail2ban

> 3. Are there other obvious things I should be doing?

if it's ssh - it's just obscurity but I found that 90% of the script
kiddies won't hit you if you move your port elsewhere

hth
martin
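
Added example, not part of the original message and not fail2ban's own code: a sketch of the counting idea behind question 2, where failures are keyed on the source IP alone so that changing the user name on every attempt makes no difference. The log lines, addresses, thresholds and the names find_offenders, max_retry and find_time are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation addresses, made-up user names).
SAMPLE_LOG = """\
Jul 18 10:00:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 4101 ssh2
Jul 18 10:00:03 host sshd[102]: Failed password for invalid user test from 203.0.113.5 port 4102 ssh2
Jul 18 10:00:04 host sshd[103]: Failed password for root from 198.51.100.7 port 5001 ssh2
Jul 18 10:00:06 host sshd[104]: Failed password for invalid user oracle from 203.0.113.5 port 4103 ssh2
Jul 18 10:00:09 host sshd[105]: Accepted password for art from 192.0.2.10 port 6001 ssh2
Jul 18 10:20:00 host sshd[106]: Failed password for root from 198.51.100.7 port 5002 ssh2
Jul 18 10:40:00 host sshd[107]: Failed password for guest from 198.51.100.7 port 5003 ssh2
"""

# Anchored at the end of the line with a greedy user field, so the address is
# always taken from sshd's own trailer and never from text inside the user name.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10), year=2007):
    """Return {ip: time the limit was reached} for IPs with max_retry
    failed logins inside find_time, whatever user names were tried."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        stamp, ip = m.groups()
        # syslog timestamps carry no year, so one is supplied (assumption)
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(when)
        while when - window[0] > find_time:   # forget failures older than the window
            window.popleft()
        if len(window) >= max_retry and ip not in banned:
            banned[ip] = when
    return banned

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the limit at {when:%H:%M:%S}")
```
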

