crazy hackers and logwatch
Roger Grosswiler
roger at gwch.net
Tue Aug 9 05:49:53 UTC 2005
Justin Conover wrote:
> On 8/8/05, Jason L Tibbitts III <tibbs at math.uh.edu> wrote:
>
>>>>>>>"JC" == Justin Conover <justin.conover at gmail.com> writes:
>>
>>JC> Is it stupid when someone is trying to get on your box, leaves the
>>JC> ip and has a website on that ip ;-)
>>
>>Yes, but most of these hosts have been hacked and are just running
>>automated tools to find other hackable boxes.
>>
>>To protect yourself, install denyhosts from extras, tune it to your
>>environment and enjoy the satisfaction of having these be blocked
>>automatically.
>>
>>I hope to have an updated version of denyhosts checked into extras
>>soon.
>>
>> - J<
>>
>>
>
>
> Very nice
>
The easiest would be telling iptables not to allow connections to port
22 for given hosts - known as stealthing ports ;-)
Since I do that, I no longer have 100s of entries in my logs. The
firewall automatically drops all ssh connection tries not coming from
this IP.

iptables -I RH-Firewall-1-INPUT 10 -p tcp -s 192.168.0.10 --dport 22 -j ACCEPT

E.g. this would allow ssh access from 192.168.0.10 to this machine only.
All others would get "no route to host". Since this, I have no more
brute-force attacks against ssh on my server.
Would be nice having this in system-config-securitylevel ;-)
Roger
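
Added example, not part of the original post: a small first-match check showing that a per-source ACCEPT like the one above only restricts ssh if no broader port 22 ACCEPT sits earlier in the chain. The rule listings are constructed samples in `iptables -S` form, and `ssh_verdict` is a hypothetical helper that handles only exact-IP `-s` matches (no CIDR, no negation).

```shell
# Constructed sample: per-source ACCEPT for port 22 above the final REJECT
# (chain name and 192.168.0.10 are taken from the post).
SAMPLE_RULES='-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.10 -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample: same chain, but a source-less port 22 ACCEPT comes
# first, so the allowlist rule below it never decides anything.
SAMPLE_OPEN='-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
'"$SAMPLE_RULES"

# ssh_verdict SRC_IP  (rules on stdin)
# Prints the target of the first rule that matches a NEW tcp/22 connection
# from SRC_IP arriving on a non-loopback interface, or POLICY if none does.
ssh_verdict() {
  local src=$1 line
  while IFS= read -r line; do
    set -- $line                      # split the rule into tokens
    local s="" p="" dport="" state="" iface="" target=""
    while [ $# -gt 0 ]; do
      case $1 in
        -s) s=${2%/32}; shift ;;
        -p) p=$2; shift ;;
        --dport) dport=$2; shift ;;
        --state) state=$2; shift ;;
        -i) iface=$2; shift ;;
        -j) target=$2; shift ;;
      esac
      shift
    done
    [ -n "$target" ] || continue                      # not a rule line
    [ -z "$iface" ] || continue                       # interface-bound (lo)
    [ -z "$s" ] || [ "$s" = "$src" ] || continue      # source mismatch
    [ -z "$p" ] || [ "$p" = tcp ] || continue         # other protocol
    [ -z "$dport" ] || [ "$dport" = 22 ] || continue  # other port
    case ",$state," in ",,"|*,NEW,*) ;; *) continue ;; esac
    echo "$target"; return 0
  done
  echo POLICY
}

# Stand-alone demo: an address outside the allowlist hits the final REJECT.
printf '%s\n' "$SAMPLE_RULES" | ssh_verdict 203.0.113.5
```

On a live host, feed it the output of `iptables -S RH-Firewall-1-INPUT` instead of the samples.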