I'm getting quite a few cracking attempts through ssh, most recently
from some Korean site. I have three people who are allowed ssh
access, but two additonal ones are able to make webmin connections
(https to port 10000). Unfortunately, all of them come in from
I'm using shorewall, and tried to just say "deny anyone coming in on
ssh from a .kr domain" but that doesn't seem to work.
Any suggestions on how to do this. All accounts that have login
access have john running against them in an attempt to ensure good
passwords, but I am still a little paranoid, especially since I
messed up and left an opening that was exploited a few weeks ago.
I'm thinking about having only one machine that people must log
into, and all the other machines must originate from that login
machine. Any other suggestions are very appreciated. I do security
updates weekly, so I'm never too far behind the times.
Meddle not in the Affairs of Dragons
for thou art crunchy, and good with catsup.