[BUGS] Constant SSH login spam
Jerahmy Pocott
quakenet1 at optusnet.com.au
Mon Feb 4 17:54:02 EST 2008
On 04/02/2008, at 11:01 AM, Edwin Groothuis wrote:
> On Mon, Feb 04, 2008 at 10:44:26AM +1100, Joshua Bromfield wrote:
>> Hey Jerahmy,
>>
>> I had 12,000 logins over one weekend just a month or so ago.
>>
>> I installed: http://denyhosts.sourceforge.net/
>>
>> Since then I have had absolutely no activity whatsoever.
>
> Then you have a different problem, since it parses your /var/log/
> auth.log :-)
What's wrong with that?
Looking at the features it seems pretty good, doesn't re-parse the
entire log unless it gets turned over and separates the invalid users
from the valid ones..
I have been considering moving ssh to another port, but I don't like
the idea of script kiddies forcing me to use a non-standard port for
my services..
More information about the BUGS
mailing list