Mohd Syakir wrote:
Hi,
i have one centos 4.3 box, exposed to the internet.
since several weeks ago, i found numerous attemps to connect through
SSH, but failed.
they tried with many username, including root.
it's comes from different IP. some of them are foreign website.
How do i make my centos become smarter in handling this kind of attacks.
eventhough i've disable all the user accounts, left only the admin
accounts. making the password so hard, longer and combining alphabet,
numbers and characters... yet i dont want the attackers keep on
trying.
any suggestions?
I don't need to connect from many places, so this helps:
summer@coco:~$ grep -i ss /etc/hosts.*[wy]
/etc/hosts.allow:sshd: 192.168. 203.34. 220.235. 203.59. 203.55.
203.33. 202.72. 203.15.140. 203.33
/etc/hosts.deny:sshd: ALL
summer@coco:~$
In fact, it works so well I get hardly any.
You can also use iptables to limit the rate at which connexions are
accepted; they tend to go away when things time out.
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
Please do not reply off-list
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
