intrusion detected

djmadkins ulist at gs1.ubuntuforums.org
Tue Aug 9 12:38:52 UTC 2005


For your specific ssh problem I have found a very good solution if you
need to access SSH over the internet.



I like to play with my home PC from work (which is boring) by
connecting to my second display using vnc over ssh (putty) and
publickey authentication, this way I can run my desktop at a
surprisingly good speed. Even with this I still get "leEt Hax0Rs"
trying to get into my ssh port. The solution:



I use DenyHosts to scan my auth.log file every 5 minutes via cron. If
it detects 5 incorrect login attempts from an IP it adds an SSH deny
entry to hosts.deny which prevents that IP from connecting at all (via
ssh). If I was paranoid I could have it issue a deny ALL instead of
just ssh.



The program is very configurable and can notify you (either via email
or output to a file of your choosing).



google DenyHosts for more information.  This is a Python script if your
familiar with that.


-- 
djmadkins




More information about the ubuntu-users mailing list