Dealing with unwelcome visitors
Ed Robbins
ed at erobbins.com
Mon Aug 16 11:20:01 EDT 2004
Can you exclude all addresses except certain ones? This is how I deal with
it. Or look at port knocking for opening an ssh connection.
Ed
Ted Roche <tedroche at tedroche.com>
was written successfully
> I have a FC2 machine exposed to the Internet, supporting web, ftp, ssh
> and a few other functions. Each day I read the logs and see one or two
> visitors trying to log into ssh as "admin", "guest", "test" and "user"
> with one try each with a password and one without. The IP address is
> always different, but the fact that the pattern of names and attempts
> is always the same suggests script kiddies.
>
> I manually add the IP address to an iptables chain so that all future
> packets from that address are dropped.
>
> For a while, I was looking up the addresses and sending email to their
> local abuse@ website, but that got to be too much work.
>
> Anyone have a suggestion re:
>
> 1) are these appropriate actions to take?
> 2) is there any easier way to do it?
> 3) is there something else I ought to be doing?
>
> Ted Roche
>
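
Added example (not part of the original thread or written by either poster): a small log scan that automates the manual step described in the quoted message, flagging source addresses that tried several of the usernames "admin", "guest", "test" and "user" and rendering drop rules for review. The chain name `SSH_BLOCK`, the `min_users` threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Usernames named in the post; one source trying several of them fits the scripted pattern.
PROBE_USERS = {"admin", "guest", "test", "user"}

# OpenSSH logs "illegal user" in older releases and "invalid user" in newer ones.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:(?:invalid|illegal) user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def probe_sources(lines, min_users=3):
    """Return {ip: sorted usernames} for sources that tried >= min_users probe names."""
    seen = defaultdict(set)
    for line in lines:
        m = FAILED.search(line)
        if m and m.group("user") in PROBE_USERS:
            seen[m.group("ip")].add(m.group("user"))
    return {ip: sorted(users) for ip, users in seen.items() if len(users) >= min_users}

def drop_rules(sources, chain="SSH_BLOCK"):
    """Render iptables commands as text for review; nothing is executed here.
    The chain name is a hypothetical placeholder."""
    return [f"iptables -A {chain} -s {ip} -j DROP" for ip in sorted(sources)]

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
Aug 16 03:12:01 host sshd[2101]: Failed password for illegal user admin from 192.0.2.10 port 40112 ssh2
Aug 16 03:12:03 host sshd[2103]: Failed password for illegal user guest from 192.0.2.10 port 40115 ssh2
Aug 16 03:12:05 host sshd[2105]: Failed password for illegal user test from 192.0.2.10 port 40119 ssh2
Aug 16 03:12:07 host sshd[2107]: Failed password for invalid user user from 192.0.2.10 port 40123 ssh2
Aug 16 09:40:11 host sshd[3310]: Failed password for ted from 198.51.100.7 port 51022 ssh2
Aug 16 09:40:19 host sshd[3310]: Accepted password for ted from 198.51.100.7 port 51022 ssh2
Aug 16 11:02:44 host sshd[3620]: Failed password for illegal user test from 203.0.113.5 port 33900 ssh2
""".splitlines()

if __name__ == "__main__":
    hits = probe_sources(SAMPLE_LOG)
    for ip, users in hits.items():
        print(ip, users)
    print("\n".join(drop_rules(hits)))
```

The legitimate user's single mistyped password and the lone "test" attempt stay below the threshold, so only the address that walked the whole name list is proposed for blocking.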