Root account
Olivier Picquenot
oli at aurait.eu
Thu Apr 19 15:16:17 UTC 2007
Brian Fahrlander wrote:
> When you get ssh set up on a Linux box, and you have logwatch
> running, you'll see just how bad it is. It's also a good reason to use
> usernames with parts of the first AND last names, not just "george" and
> a password of "password". They try them by the millions per day,
> literally.
You can use iptables to ban these IPs after X failed attempts.
For ssh listening on port 22/TCP and on iface eth0:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 300 --hitcount 10 -j DROP
This will ban for 300 seconds after 10 failed login attempts.
Regards,
Olivier Picquenot
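Added example, not part of the original message: a small Python model of how the two rules above evaluate new connections to port 22 from each source address, using the 300-second window and hit count of 10 from the post. The class and function names, the sample addresses and the traffic are constructed for illustration; the model follows the documented behaviour of the `recent` match, which counts new connections per address whether or not a login succeeded.

```python
from collections import deque

SECONDS = 300      # --seconds 300
HITCOUNT = 10      # --hitcount 10
PKT_LIST_TOT = 20  # xt_recent module default: timestamps remembered per address


class RecentList:
    """Toy model of the default 'recent' list shared by the two rules."""

    def __init__(self):
        self.stamps = {}  # source address -> recent timestamps, in seconds

    def new_connection(self, src, now):
        """Verdict for one NEW packet to port 22 from src at time now."""
        seen = self.stamps.get(src)
        # Both rules use -I, so the one typed last (--update ... -j DROP) runs first.
        if seen is not None:
            hits = sum(1 for t in seen if now - t <= SECONDS)
            if hits >= HITCOUNT:
                seen.append(now)  # --update stamps the packet when the rule matches
                return "DROP"
        # Otherwise the --set rule records the packet and it continues down INPUT.
        self.stamps.setdefault(src, deque(maxlen=PKT_LIST_TOT)).append(now)
        return "PASS"


def replay(events):
    """events: list of (time_in_seconds, source_address), in time order."""
    table = RecentList()
    return [table.new_connection(src, t) for t, src in events]


# Constructed traffic; addresses come from the RFC 5737 documentation ranges.
SCANNER, ADMIN = "203.0.113.7", "192.0.2.10"
burst = [(2 * i, SCANNER) for i in range(15)]              # 15 connections in 30 s
keeps_trying = burst + [(28 + 20 * k, SCANNER) for k in range(1, 60)]
admin_loop = [(i, ADMIN) for i in range(12)]               # e.g. scp in a loop

if __name__ == "__main__":
    print("burst:        ", replay(burst))
    print("keeps trying: ", set(replay(keeps_trying)[15:]))
    print("back at 310 s:", replay(burst + [(310, SCANNER)])[-1])
    print("back at 311 s:", replay(burst + [(311, SCANNER)])[-1])
    print("admin loop:   ", replay(admin_loop))
```

In this model a source that keeps connecting stays blocked because each dropped packet is stamped too, and it is let through again only once fewer than 10 of its stamps fall inside the last 300 seconds. The `admin_loop` case shows the same limit applying to a legitimate client that opens many connections quickly.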