[ale] failed ssh login attempts

[Sean Johnson]

Hi all, 

Just catching up on this thread... i experienced a lot of these type
of attacks, usually from Asian IPs late at night, so another way i
helped protect my system was by adding 2 cron jobs one that starts the
server at 9AM and shuts it down at 6pm. These are the only times i use
it from work. This is in addition to the following:

1. Disable root login via ssh (as well as all other normal type users
that programs run under)
2. Enable it for only the users that explicity need it. (use bastille to help)
3. Move default port from 22
4. Limiting IP addresses from which you can connect to the server (i.e. work)

Sean Johnson
Libranet now Ubuntu! :)


On Wed, 09 Feb 2005 11:48:32 -0500, John Trostel
<jtrostel at mindspring.com> wrote:
> These types of ssh brute force attacks have been occurring for at least
> a year, I think.  If your system is exposed to the net for any
> reasonable period of time and runs ssh, it should have been subjected to
> them.
> 
> Always good to keep up to date, turn off (and remove) unneeded services,
> and read and apply the handy tips in Bob's book!
> 
> --
> John Trostel
> Photon Computer Services
> System Support and Design
> "We're small, fast and discrete"
> 404-247-5112
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>