Re: matchlimit

Brent Clark wrote:

Hi all

What would be the recommended rule for matchlimit FROM a specific
IP address?

Last night I found that I was a victim of a dictionary brute force attack.

From what I gather I can see that no access was granted.

If anyone has any tips, advice, etc., it would be most appreciated.

Kind Regards
Brent Clark

====================================================================
Copy and paste below from logwatch
====================================================================

--------------------- SSHD Begin ------------------------
Failed logins from these:
Ionutz/password from 80.84.248.224: 1 Time(s)
Melk/password from 80.84.248.224: 1 Time(s)
aaron/password from 80.84.248.224: 1 Time(s)

*snip*

Illegal user portmap from 80.84.248.224
Illegal user x from 80.84.248.224
Illegal user jas from 80.84.248.224
---------------------- SSHD End -------------------------
###################### LogWatch End #########################



This will be kind of pointless too (banning IP addresses after they have attacked you) ... like having an umbrella after the rain has stopped.
The better solution (my opinion) will be to secure your sshd to the highest level possible.
tips:
keep it up to date,
use strong passwords (long, containing numbers, special characters, up and lower case),
change the default port sshd listens on,
allow only ssh version 2,
disable password authentication altogether and use public/private keys if possible,
allow only specific users and/or groups if possible,
disable root logins,
and finally, if possible (I don't like this option but someone may find it useful), allow connections to the sshd port only from trusted/known IP addresses.


Everything written above is just my point of view and concerns OpenSSH.

regards,
Georgi Alexandrov
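
A concrete answer to Brent's original question, added here as an example that is not part of the thread: the per-source-IP limiting he is asking about is the netfilter "recent" match (xt_recent), not the plain "limit" match, which is a single global token bucket and cannot distinguish one source from another. The script below emits the rules for review and can load them. Its assumptions: SSH on port 22, a threshold of 4 new connections per 60 seconds, `-m conntrack --ctstate NEW` (on kernels of the thread's era the equivalent is `-m state --state NEW`), no trusted address unless `TRUSTED_SRC` is set; the chain name `SSH_BRUTE` and the recent-table name `sshbf` are arbitrary labels chosen for this example.

```shell
#!/bin/sh
# Added example, not from the thread: per-source-IP rate limit for new SSH
# connections using netfilter's "recent" match (xt_recent).
# Assumed defaults (override via environment): SSH on 22, drop a source that
# opens HITCOUNT new connections within WINDOW seconds, no trusted address.
SSH_PORT="${SSH_PORT:-22}"
HITCOUNT="${HITCOUNT:-4}"
WINDOW="${WINDOW:-60}"
TRUSTED_SRC="${TRUSTED_SRC:-}"      # e.g. your management host, never limited
IPT="${IPT:-iptables}"              # set IPT="echo iptables" to preview

# Emit the rules one per line so they can be reviewed before they are loaded.
ssh_ratelimit_rules() {
    echo "-N SSH_BRUTE"
    # Only NEW connections are counted; established sessions are untouched.
    # On kernels of the thread's era use "-m state --state NEW" instead.
    echo "-A INPUT -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j SSH_BRUTE"
    # Exempt the trusted source first, or a typo in the threshold locks you out.
    [ -z "$TRUSTED_SRC" ] || echo "-A SSH_BRUTE -s ${TRUSTED_SRC} -j RETURN"
    # --set records this hit for the source; --update then drops when the
    # source has HITCOUNT hits inside WINDOW seconds. --update (not --rcheck)
    # also refreshes the timestamp, so a host that keeps hammering stays dropped.
    echo "-A SSH_BRUTE -m recent --name sshbf --set"
    echo "-A SSH_BRUTE -m recent --name sshbf --update --seconds ${WINDOW} --hitcount ${HITCOUNT} -j DROP"
    # Sources below the threshold fall off the end of SSH_BRUTE and continue
    # through INPUT, so the ACCEPT rule for SSH must still exist after this.
}

# Load the rules through $IPT; stops at the first failing rule.
apply_ssh_ratelimit() {
    ssh_ratelimit_rules | while IFS= read -r rule; do
        # shellcheck disable=SC2086   # word splitting of $rule is intended
        $IPT $rule || exit 1
    done
}
```

Preview with `IPT="echo iptables" sh ssh_ratelimit.sh` style invocation of `apply_ssh_ratelimit`, then run it as root for real; re-running needs the INPUT jump removed and the chain deleted first (or load the same rules through iptables-restore). The live table can be inspected in `/proc/net/xt_recent/sshbf` (`/proc/net/ipt_recent/sshbf` on older kernels). Two caveats a practitioner should know: the recent table holds only 100 addresses by default (the `ip_list_tot` module parameter), and the limit is per source, so a dictionary attack spread over many hosts is slowed much less than a single-host one; that is exactly why Georgi's sshd hardening is the part that actually stops the attack rather than the part that reduces the noise.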
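
Georgi's checklist in a form that can be checked rather than remembered, added here as an example that is not part of the thread: a small POSIX shell audit that reads an sshd_config the way OpenSSH does (first occurrence of a keyword wins, comments ignored, global settings end at the first `Match` block), reports the weak settings his list targets, and prints a hardened drop-in. The sample weak config is constructed for the example; port 2222 and the group `sshusers` are placeholders, not recommendations from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: audit an OpenSSH sshd_config for the
# weak settings in Georgi's list, and print a hardened replacement.

# Print the effective value of a keyword (case-insensitive, comments skipped,
# first match wins as in sshd, global section only). Empty output = unset.
sshd_opt() {  # $1=file $2=keyword
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/        { next }   # comment line
        tolower($1) == "match"  { exit }   # conditional blocks follow, stop
        tolower($1) == key      { print $2; exit }
    ' "$1"
}

# One finding per line; no output means the file passes every check.
# An unset keyword is treated as weak: older OpenSSH defaulted to
# "Protocol 2,1", "PasswordAuthentication yes" and "PermitRootLogin yes".
audit_sshd_config() {  # $1=file
    f="$1"
    v=$(sshd_opt "$f" Protocol)
    [ "$v" = 2 ] || echo "Protocol ${v:-unset}: allow version 2 only"
    v=$(sshd_opt "$f" PasswordAuthentication)
    [ "$v" = no ] || echo "PasswordAuthentication ${v:-unset}: set to no and use keys"
    v=$(sshd_opt "$f" PermitRootLogin)
    [ "$v" = no ] || echo "PermitRootLogin ${v:-unset}: set to no"
    v=$(sshd_opt "$f" AllowUsers); w=$(sshd_opt "$f" AllowGroups)
    [ -n "$v$w" ] || echo "AllowUsers/AllowGroups unset: restrict to known accounts"
    v=$(sshd_opt "$f" Port)
    [ "${v:-22}" != 22 ] || echo "Port 22: a non-default port cuts scanner noise only"
}

# Hardened settings matching the list above. Placeholders: port 2222, group
# sshusers. ChallengeResponseAuthentication must be off too, otherwise PAM
# keyboard-interactive still prompts for a password when UsePAM is yes.
hardened_sshd_config() {
    cat <<'EOF'
Port 2222
Protocol 2
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
AllowGroups sshusers
MaxAuthTries 3
EOF
}

# Constructed sample of a weak config (not from the logwatch paste) so the
# script runs stand-alone; the commented-out line must not count.
WEAK_CFG="${TMPDIR:-/tmp}/sshd_config.weak.$$"
printf '%s\n' 'Port 22' 'Protocol 2,1' \
    '# PermitRootLogin no    <- commented out, not in effect' \
    'PermitRootLogin yes' 'PasswordAuthentication yes' > "$WEAK_CFG"

# Usage: audit the sample, then audit the hardened version of it.
audit_sshd_config "$WEAK_CFG"
```

Run it against `/etc/ssh/sshd_config` to see which items on Georgi's list are still open on a box; after dropping the hardened settings in, validate with `sshd -t` and keep an existing session open while you test a fresh key-based login, since a mistake in `AllowGroups` or `PasswordAuthentication no` without a working key locks you out exactly as effectively as it locks out the attacker.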

