[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH Blocking

Am 2005-04-25 10:03:29, schrieb Alvin Oga:

> - use /etc/hosts.deny to deny everything
> - use /etc/hosts.allow to allow incoming ssh from ip# you trust
> 	sshd:  w.x.y.z

I have encountered then sshd read this two files every time anyone
try to login

Now I have setup my /etc/syslog.conf to pipe the sshd log
into a script which detect the "haccing attemped and put
the IP into /etc/hosts.deny dynamicly.


Now I have very small sshd.log of some kByte because
before I used piping I had around 1,3 to 60 MByte per week.

Oh yes, blacklisted IPs stay 3 hour after last false login
there and then they are automaticly deleted.

It works with a simpel text/plain database

serialdate      ipaddress

> c ya
> alvin


Linux-User #280138 with the Linux Counter, http://counter.li.org/
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSM LinuxMichi
0033/3/88452356    67100 Strasbourg/France   IRC #Debian (irc.icq.com)

Attachment: signature.pgp
Description: Digital signature

Reply to: