On Sat, Jul 01, 2017 at 06:35:54AM +0800, Ed Greshko wrote: > On 06/30/17 09:10, jdow wrote: > I once did rate limiting on brute force login attempts. But I found > that all the attempts were scripted. So instead of an attack from a > single IP address happening for a minute or so the attack simply went > on for hours. The same number of attempts were made. The single thing I've done that dramatically reduces attacks is simply moving from port 22. It's silly, sounds like security through obfuscation, but almost all the stupid attack scripts seem to go for the default port. After that, I simply restrict connections to known source IP addresses for direct connects, and run everything else through a VPN tunnel. G'luck, -- Dave Ihnat dihnat@xxxxxxxxxx _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx