[BUGS] Constant SSH login spam

Sh4d03 mlists at shadow-security.net
Mon Feb 4 17:58:03 EST 2008


Jerahmy Pocott wrote:
> On 04/02/2008, at 11:01 AM, Edwin Groothuis wrote:
>
>   
>> On Mon, Feb 04, 2008 at 10:44:26AM +1100, Joshua Bromfield wrote:
>>     
>>> Hey Jerahmy,
>>>
>>> I had 12,000 logins over one weekend just a month or so ago.
>>>
>>> I installed: http://denyhosts.sourceforge.net/
>>>
>>> Since then I have had absolutely no activity whatsoever.
>>>       
>> Then you have a different problem, since it parses your
>> /var/log/auth.log :-)
>>     
>
> What's wrong with that?
>
> Looking at the features it seems pretty good, doesn't re-parse the  
> entire log unless it gets turned over and separates the invalid users  
> from the valid ones..
>
> I have been considering moving ssh to another port, but I don't like  
> the idea of script kiddies forcing me to use a non-standard port for  
> my services..
>   
My recommendation would be to simply move it to another port. This is 
"giving in" to script kiddies as much as installing Anti-Spam measures 
is "giving in" to Spammers. It's easy to do, and in my opinion a much 
cleaner option than installing 3rd party mechanisms. Why bother 
your system by making it check invalid login counts when you can simply 
(and cheaply) drop the traffic if they don't know the port?

Worked for me!

That's just my opinion - take it or leave it.

Sh4d03
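
The log-parsing approach discussed in the quoted messages (reading /var/log/auth.log incrementally, starting over only when the log is turned over, and counting invalid and valid users separately), as an added example that is not part of the original post and is not DenyHosts' own code. The class name, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# OpenSSH failure line; "invalid user" marks an account that does not exist.
FAILED = re.compile(rb"sshd\[\d+\]: Failed password for (invalid user )?\S+ from (\S+) port")

class AuthLogScanner:
    """Hypothetical incremental scanner over the contents of auth.log."""

    def __init__(self):
        self.offset = 0            # bytes already processed
        self.first_line = None     # fingerprint used to spot a rotated log
        self.invalid = Counter()   # failures per source, nonexistent accounts
        self.valid = Counter()     # failures per source, real accounts

    def scan(self, data: bytes) -> int:
        """Count failures in the unseen part of `data`; return lines matched."""
        head = data.split(b"\n", 1)[0]
        if len(data) < self.offset or head != self.first_line:
            self.offset = 0        # log was turned over: read from the top
        self.first_line = head
        end = data.rfind(b"\n") + 1    # skip a partially written last line
        matched = 0
        for line in data[self.offset:end].splitlines():
            m = FAILED.search(line)
            if m:
                bucket = self.invalid if m.group(1) else self.valid
                bucket[m.group(2).decode()] += 1
                matched += 1
        self.offset = end
        return matched

    def over_threshold(self, invalid_max=2, valid_max=5):
        """Sources exceeding either limit (limits are illustrative)."""
        hits = {ip for ip, n in self.invalid.items() if n > invalid_max}
        hits |= {ip for ip, n in self.valid.items() if n > valid_max}
        return sorted(hits)

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE = (
    b"Feb  4 10:00:01 host sshd[101]: Failed password for invalid user admin from 192.0.2.10 port 4001 ssh2\n"
    b"Feb  4 10:00:03 host sshd[102]: Failed password for invalid user test from 192.0.2.10 port 4002 ssh2\n"
    b"Feb  4 10:00:05 host sshd[103]: Failed password for invalid user guest from 192.0.2.10 port 4003 ssh2\n"
    b"Feb  4 10:01:00 host sshd[104]: Failed password for root from 198.51.100.7 port 4004 ssh2\n"
    b"Feb  4 10:02:00 host sshd[105]: Accepted publickey for alice from 203.0.113.5 port 4005 ssh2\n"
)
```

Calling `scan()` again with the same or a grown log only processes the new lines; a shorter log or a changed first line is treated as a rotation and read from the start.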

