Dealing with unwelcome visitors
Ted Roche
tedroche at tedroche.com
Mon Aug 16 10:49:00 EDT 2004
I have a FC2 machine exposed to the Internet, supporting web, ftp, ssh
and a few other functions. Each day I read the logs and see one or two
visitors trying to log into ssh as "admin", "guest", "test" and "user"
with one try each with a password and one without. The IP address is
always different, but the fact that the pattern of names and attempts
is always the same suggests script kiddies.

I manually add the IP address to an iptables chain so that all future
packets from that address are dropped.

For a while, I was looking up the addresses and sending email to their
local abuse@ website, but that got to be too much work.

Anyone have a suggestion re:

1) are these appropriate actions to take?
2) is there any easier way to do it?
3) is there something else I ought to be doing?

Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com
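
An added example, not part of the original post: one way to automate the log review and blocking step described above. The sshd message format, the threshold, the chain name SSH_BLOCK and the sample log lines are assumptions constructed for illustration; the script only prints the iptables rules it would add.

```python
import ipaddress
import re
from collections import defaultdict

# Usernames named in the post; threshold and chain name are assumptions.
PROBED_NAMES = {"admin", "guest", "test", "user"}
MIN_DISTINCT_NAMES = 3
CHAIN = "SSH_BLOCK"  # hypothetical chain name

# Assumed sshd message shape ("illegal user" in older OpenSSH, "invalid user" later).
# The username is attacker-controlled, so match it greedily and anchor the source
# address at the end of the line: a username containing " from <ip> port <n>"
# then cannot substitute someone else's address for the real one.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed (?:password|none) for (?:(?:illegal|invalid) user )?"
    r"(?P<user>.+) from (?P<ip>\S+) port \d+(?: ssh\d)?\s*$"
)

def find_probers(lines):
    """Return {ip: sorted usernames} for sources that tried several probed names."""
    tried = defaultdict(set)
    for line in lines:
        m = FAILED.search(line)
        if not m or m.group("user") not in PROBED_NAMES:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # never build a command from unvalidated log text
        tried[ip].add(m.group("user"))
    return {ip: sorted(n) for ip, n in tried.items() if len(n) >= MIN_DISTINCT_NAMES}

def drop_rules(probers):
    """Render one DROP rule per flagged source address."""
    return [f"iptables -A {CHAIN} -s {ip} -j DROP" for ip in sorted(probers)]

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
Aug 16 03:12:01 fc2 sshd[2101]: Failed password for illegal user admin from 192.0.2.45 port 40112 ssh2
Aug 16 03:12:02 fc2 sshd[2101]: Failed none for illegal user admin from 192.0.2.45 port 40112 ssh2
Aug 16 03:12:04 fc2 sshd[2103]: Failed password for illegal user guest from 192.0.2.45 port 40115 ssh2
Aug 16 03:12:06 fc2 sshd[2105]: Failed password for illegal user test from 192.0.2.45 port 40119 ssh2
Aug 16 03:12:08 fc2 sshd[2107]: Failed password for illegal user user from 192.0.2.45 port 40122 ssh2
Aug 16 09:30:11 fc2 sshd[2250]: Failed password for root from 198.51.100.7 port 51000 ssh2
Aug 16 09:31:40 fc2 sshd[2251]: Failed password for illegal user admin from 203.0.113.9 port 22 ssh2 from 198.51.100.7 port 51002 ssh2
""".splitlines()

if __name__ == "__main__":
    for rule in drop_rules(find_probers(SAMPLE_LOG)):
        print(rule)
```

The last sample line carries a crafted username that embeds a second address; the end-anchored pattern attributes the attempt to the real source and never flags the embedded one.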