
On Mon, Feb 1, 2010 at 10:11 AM, Cynthia Wahome <cwahome@jambo.co.ke> wrote:
Hello Skunkers
I have a Linux box that is on the internet. I have several times noticed that when I look at my log files in /var/log/secure I notice a lot of possible break-in attempts, e.g.
32 proxicious sshd[32036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cl67-179-182-213.cl.metrocom.ru user=root
Jan 25 19:02:34 proxicious sshd[32036]: Failed password for root from 213.182.179.67 port 47122 ssh2
Jan 25 19:02:34 proxicious sshd[32037]: Received disconnect from 213.182.179.67: 11: Bye Bye
Jan 25 19:02:36 proxicious sshd[32038]: pam_unix(sshd:auth): authentication failure; logname= uid=0
There are so many IP addresses trying to enter this box. I have been blocking the IP addresses using
iptables -A INPUT -s a.b.c.d -j DROP from the box.
My question is, if there are very many IPs trying, is there a simpler method of doing this or do I have to do it one by one? (Really frustrating.)
PS: I have not enabled SELinux because sometimes it becomes a hindrance a lot.

These should not bother you if you know that you have secured your sshd service. The other thing you could do is to change the default sshd port from 22 to something else known only to people who need it.

FWIW, what Alex Nderitu has posted should really help. Most Linuxes come with that option set to "yes". *BSDs have it set to "no".

--
Best regards,
Odhiambo WASHINGTON,
Nairobi, KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"If you have nothing good to say about someone, just shut up!." -- Lucky Dube
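
An added example, not part of either message above: one way to tally the "Failed password" lines quoted in the question per source address and emit the same iptables rule for every repeat offender, instead of adding them one by one. The function names, the threshold, the allow list and the sample log (documentation addresses, made-up host name) are assumptions for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the sshd log format quoted in the post.
SAMPLE_LOG = """\
Jan 25 19:02:34 examplehost sshd[32036]: Failed password for root from 203.0.113.7 port 47122 ssh2
Jan 25 19:02:36 examplehost sshd[32038]: Failed password for root from 203.0.113.7 port 47180 ssh2
Jan 25 19:02:39 examplehost sshd[32040]: Failed password for invalid user admin from 203.0.113.7 port 47201 ssh2
Jan 25 19:03:01 examplehost sshd[32044]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 198.51.100.9 port 50211 ssh2
Jan 25 19:04:10 examplehost sshd[32050]: Accepted password for cynthia from 192.0.2.10 port 51000 ssh2
Jan 25 19:05:00 examplehost sshd[32051]: Failed password for root from 198.51.100.9 port 50300 ssh2
"""

# The user name is chosen by the client, so it may itself contain
# "from <ip> port <n> ssh2". Anchoring at end of line with a greedy ".*"
# makes the match take the address that sshd appended, not the spoofed one.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def failed_sources(log_text):
    """Count failed password attempts per IPv4 source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))  # reject anything that is not an IP
        except ValueError:
            continue
        if addr.version == 4:  # the iptables command in the post is IPv4 only
            counts[str(addr)] += 1
    return counts

def drop_rules(counts, threshold=3, allow=()):
    """Render (not execute) one DROP rule per address at or above threshold."""
    allowed = {str(ipaddress.ip_address(a)) for a in allow}
    return [f"iptables -A INPUT -s {ip} -j DROP"
            for ip, n in sorted(counts.items())
            if n >= threshold and ip not in allowed]

if __name__ == "__main__":
    for rule in drop_rules(failed_sources(SAMPLE_LOG)):
        print(rule)
```

Put your own management addresses in `allow` and read the printed rules before applying them, so a mistyped password from a legitimate host does not lock you out.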