On 06/30/2017 03:49 PM, Dave Ihnat wrote: > On Sat, Jul 01, 2017 at 06:35:54AM +0800, Ed Greshko wrote: >> On 06/30/17 09:10, jdow wrote: >> I once did rate limiting on brute force login attempts. But I found >> that all the attempts were scripted. So instead of an attack from a >> single IP address happening for a minute or so the attack simply went >> on for hours. The same number of attempts were made. > > The single thing I've done that dramatically reduces attacks is simply > moving from port 22. It's silly, sounds like security through obfuscation, > but almost all the stupid attack scripts seem to go for the default port. > > After that, I simply restrict connections to known source IP addresses for > direct connects, and run everything else through a VPN tunnel. That'll mitigate a lot of it. I do precisely the same thing. Also make sure you don't allow ssh root logins. Newer sshd configs have that set by default but some older ones allow root. Check your config to be sure. "Just because I'm paranoid doesn't mean they AREN'T out to get me!" ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx - - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - - - - Millihelen (n): The amount of beauty required to launch one ship. - ---------------------------------------------------------------------- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
