From: Nikos Chantziaras
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: Curious pattern in log files from ssh...
Date: Wed, 03 Dec 2008 22:16:16 +0200
References: <4936E5E3.1040606@shic.co.uk>
In-Reply-To: <4936E5E3.1040606@shic.co.uk>

Steve wrote:
> [...]
> Sure, I could use IPtables to block all these bad ports... or... I could
> disable password authentication entirely... but I keep thinking that
> there has to be something better I can do... any suggestions?

I'm using DenyHosts to battle this. It adds the IPs to /etc/hosts.deny after a configurable number of failed logins. It even downloads an online list of IPs where attacks originate from and uploads attacks on your box to this list too (if you allow it in the configuration).

After I installed this, no more brute-forcing :) I used to have thousands per day.

http://www.denyhosts.net

It's in portage.
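
The mechanism described in the reply above (count failed logins per source address, then write entries to /etc/hosts.deny), as an added example that is not part of the original post and is not DenyHosts' own code. The function names, the threshold default and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (documentation address ranges, not real data).
SAMPLE_LOG = """\
Dec  3 20:01:10 box sshd[4100]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Dec  3 20:01:12 box sshd[4102]: Failed password for invalid user test from 203.0.113.7 port 40115 ssh2
Dec  3 20:01:15 box sshd[4104]: Failed password for root from 203.0.113.7 port 40120 ssh2
Dec  3 20:02:01 box sshd[4110]: Failed password for steve from 198.51.100.23 port 51514 ssh2
Dec  3 20:02:09 box sshd[4112]: Accepted password for steve from 198.51.100.23 port 51530 ssh2
Dec  3 20:03:30 box sshd[4120]: Invalid user oracle from 192.0.2.44
Dec  3 20:03:31 box sshd[4120]: Failed password for invalid user oracle from 192.0.2.44 port 33001 ssh2
"""

# The whole line is matched and the address is read from the fixed tail
# ("from <ip> port <n> ssh2" at end of line). The user name is client-supplied
# text, so it is matched greedily and never used to locate the address.
FAILED = re.compile(
    r"^\w{3} +\d+ [\d:]{8} \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def hosts_to_deny(log_text, threshold=3, already_denied=(), allowed=()):
    """Return sorted source IPs with at least `threshold` failed logins.

    `allowed` holds addresses that must never be blocked (your own admin
    hosts); `already_denied` holds addresses already in hosts.deny.
    """
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            failures[m.group(1)] += 1
    skip = set(already_denied) | set(allowed)
    return sorted(ip for ip, n in failures.items()
                  if n >= threshold and ip not in skip)

def hosts_deny_lines(ips, service="sshd"):
    """Format entries in the tcp_wrappers syntax used by /etc/hosts.deny."""
    return [f"{service}: {ip}" for ip in ips]

if __name__ == "__main__":
    # Print the entries instead of writing to /etc/hosts.deny.
    for entry in hosts_deny_lines(hosts_to_deny(SAMPLE_LOG)):
        print(entry)
```

A single mistyped password from a legitimate user (198.51.100.23 in the sample) stays below the threshold, and the `allowed` list keeps a known admin address from being locked out.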