On Sun, 2020-06-21 at 16:47 -0400, mailist wrote: > On 2020-06-21 15:33, Chuck Campbell wrote: > > I'm running Centos 7.8.2003, with firewalld. > > > > I was getting huge numbers of ssh attempts per day from a few specific > > ip blocks. > > If you can control the ssh clients, switch your port number to a > non-standard > port. Pick one in /etc/services that does not seem to be allocated. > Then change > "Port" in ssh_config and sshd_config; If other clients are being used > (like Putty), > it is easy to change it there. > > We used to get at least 50 probes per day on port 22. Now we get zero. > I used this technique for a number of years - then it got leaked to the script kiddies the port that was used. We don't have anything particularly valuable that they were looking for (I don't think!), but there are lists of subnets & ports out there that the kiddies use so once one found it, the flood gates opened. SSH is now protected behind a VPN. It's a valid thing to do and makes things much saner, but don't assume it is a forever solution and don't use it as an excuse to reduce other protections you may have. P. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos