Anonymous wrote:
I get loads of this crap in my auth.log file,

Failed password for illegal user root from ...
Failed password for illegal user webmaster from ...
Failed password for illegal user data from ...

sometimes almost 100 attempts in series from the same IP.

I want to install something that will block an offensive IP indefinitely after a few bad attempts (say 3 or 4 rather than 1, since I occasionally make typos when logging in!).

Is portsentry the package I want in order to do this? Is it easy to configure to do what I want?

IIRC PortSentry operates by blocking connections to ports that are unused, i.e. if you were not using SSH and someone connected to port 22 then PortSentry would activate and update IPTables to block the IP. However it will not stop connections to ports where services are listening.

Do you need to allow access to SSH from anywhere, or can you just place a few rules into your IPTables firewall script to only accept connections from specific IPs?

That said, the simple solution would be to change the default SSH port from 22 to something unobvious.

HTH
Dave
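
The counting logic asked about in the question, as an added example that is not part of either post: it reads sshd lines in the format quoted above and reports each IP with 4 or more failed passwords in a row, with a successful login from that IP resetting its count so an occasional typo does not trigger it. The `offenders` function, the allowlist parameter, the sample log lines and the addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Anchored on the end of the line so a username containing " from "
# cannot shift the address field. Older sshd logs "illegal user",
# newer releases log "invalid user"; valid accounts have neither.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:illegal|invalid) user )?(.*)"
    r" from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for .* from (\S+) port \d+")

def offenders(lines, threshold=4, allowlist=()):
    """Map each IP with >= threshold failures in a row to the names it tried."""
    streak = defaultdict(list)   # ip -> usernames tried since last success
    flagged = {}                 # once flagged, an IP stays flagged
    for line in lines:
        line = line.rstrip("\n")
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            if ip in allowlist:          # never flag your own addresses
                continue
            streak[ip].append(user)
            if len(streak[ip]) >= threshold:
                flagged[ip] = list(streak[ip])
            continue
        m = ACCEPTED.search(line)
        if m:                            # a good login forgives earlier typos
            streak.pop(m.group(1), None)
    return flagged

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE_LOG = [
    "Mar  1 03:12:01 host sshd[4101]: Failed password for illegal user root from 203.0.113.7 port 40112 ssh2",
    "Mar  1 03:12:03 host sshd[4103]: Failed password for illegal user webmaster from 203.0.113.7 port 40120 ssh2",
    "Mar  1 03:12:05 host sshd[4105]: Failed password for illegal user data from 203.0.113.7 port 40131 ssh2",
    "Mar  1 03:12:07 host sshd[4107]: Failed password for illegal user admin from 203.0.113.7 port 40140 ssh2",
    "Mar  1 09:30:10 host sshd[5200]: Failed password for alice from 198.51.100.20 port 51000 ssh2",
    "Mar  1 09:30:15 host sshd[5200]: Failed password for alice from 198.51.100.20 port 51000 ssh2",
    "Mar  1 09:30:21 host sshd[5200]: Accepted password for alice from 198.51.100.20 port 51000 ssh2",
]

if __name__ == "__main__":
    for ip, users in offenders(SAMPLE_LOG).items():
        print(ip, len(users), ",".join(users))
```

The returned addresses are what a firewall script would then block; the allowlist is there so the addresses you log in from are never among them.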