[ale] 300,000 failed login attempts in 6 months!!!
- From: stephen at bee.net (Stephen Cristol)
- Date: Mon, 18 Aug 2008 14:08:34 -0400
- In-reply-to: <[email protected]>
- References: <[email protected]>
I've had similar issues. Besides the options mentioned (DenyHosts,
fail2ban), I found a few others:
- sshdfilter (http://www.csc.liv.ac.uk/~greg/sshdfilter/)
- sshguard (http://sshguard.sourceforge.net/)
- ABL PAM module (http://sourceforge.net/projects/pam-abl)
- iptables limit or recent (http://snowman.net/projects/ipt_recent/) modules
- Similar projects: sshit, blocksshd, crackblock, ssh-faker, shellter, sshutout
Comments:
- I use this on a box in another state, so I wanted something where
it would be difficult to lock myself out. I started by experimenting
with the iptables recent module. This worked well enough that I have
not pursued other options.
- If you want to build your own solution, Bob Toxen's book includes a
script for extracting the necessary information from /var/log/messages.
- The PAM module (above) is particularly intriguing as I believe it
avoids having to constantly dig through log files.
- A final thought is to use the "AllowUsers" or "AllowGroups" options
in sshd_config. These limit who can connect to those users or groups
explicitly listed. I think it has the added benefit of not even
trying to authenticate users that are not on the list. (If so, this
may interact badly with the ABL PAM module.)
HTH,
S
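
An added example, not part of the original post and not the script from Bob Toxen's book: a small log-extraction script of the kind the message mentions, flagging source addresses that reach a number of failed sshd logins inside a sliding time window. The `hitcount` and `seconds` parameters are named after the iptables recent module's `--hitcount` and `--seconds` options; the log lines, the threshold values and the `year` argument (syslog timestamps carry no year) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in syslog format (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
Aug 18 14:00:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Aug 18 14:00:03 host sshd[2102]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Aug 18 14:00:05 host sshd[2103]: Accepted publickey for alice from 198.51.100.7 port 50100 ssh2
Aug 18 14:00:20 host sshd[2104]: Failed password for root from 192.0.2.10 port 40003 ssh2
Aug 18 14:00:40 host sshd[2105]: Failed password for invalid user test from 192.0.2.10 port 40004 ssh2
Aug 18 14:01:00 host sshd[2106]: Failed password for alice from 198.51.100.7 port 50101 ssh2
Aug 18 14:09:00 host sshd[2107]: Failed password for alice from 198.51.100.7 port 50102 ssh2
Aug 18 14:20:00 host sshd[2108]: Failed password for alice from 198.51.100.7 port 50103 ssh2
Aug 18 14:31:00 host sshd[2109]: Failed password for alice from 198.51.100.7 port 50104 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port")

def offenders(log_text, hitcount=4, seconds=60, year=2008):
    """Return {ip: time the threshold was first reached} for every source
    with `hitcount` failed logins inside any `seconds`-long window."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other daemons are ignored
        when = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        window = recent[m.group("ip")]
        window.append(when)
        # Drop attempts that have aged out of the window.
        while (when - window[0]).total_seconds() > seconds:
            window.popleft()
        if len(window) >= hitcount and m.group("ip") not in flagged:
            flagged[m.group("ip")] = when
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when}")
```

In the sample, the second address also has four failures, but they are spread over half an hour, so an occasional mistyped password from a legitimate user stays under the threshold.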