
Reporting brute force ssh login attempts



Hi All,

I have a few servers on which there are regular penetration attempts using brute force password guessing bots.

There is little risk to the server but I am getting more and more annoyed by this and, as far as I can see, am left with two options.

1. Report each IP address that does this. However, a lot of them seem to be from Asia with no proper abuse@ address to contact. Additionally, this can be very time consuming.

2. Change the port number that ssh uses to something else. This has the annoyance that I need to pass the new port number in each time I want to log in.

3. Ignore the issue. Very annoying since logwatch and logcheck constantly complain about it. However, I can add filters so it annoys me less.

Is there another option? Alternatively, is there a way of automatically reporting offending IPs?

Any input in this matter greatly appreciated.

Best Wishes,


Shri

--
Shri Shrikumar
Technologist Extraordinaire
Kraya

t: 0845 644 4745
d: 0131 247 8021
f: 0131 478 7377
w: www.kraya.co.uk


