Re: repeated failed logons and ignoring them

On Mon, Jun 26, 2006 at 10:57:45PM +0200, Rob Sterenborg wrote:
> >> What type of logon? SSH, telnet, ...?
> > 
> > sorry, what comes from typing email when you're still asleep.
> > most seem to be hitting my sshd, tho the username/password
> > combo leads me to believe that the person is using a database
> > to try to overload the server.
> > 
> > killed some pids that were owned by sshd and they kept
> > cropping up faster than I could kill them.
> 
> You may want to use SSH public/private-key auth, not password auth. It's
> not really hard to implement and you wouldn't be bothered by
> user/pass-guessing as any attempt to logon that way will just be denied.

Something that was suggested in the mailing list previously:

# create the SSH chain before anything jumps to it
iptables -N SSH

iptables -I INPUT -p tcp --dport 22 -j SSH

# append (-A) so the rate-limited ACCEPT is evaluated before the DROP
iptables -A SSH --protocol tcp --destination-port 22 --match state --state NEW -m limit --limit 2/hour --limit-burst 3 --jump ACCEPT

iptables -A SSH -j DROP

Then just refine the initial filter in INPUT.


Slows them right down!

> 
> 
> Gr,
> Rob
> 
> 
> 

Attachment: signature.asc
Description: Digital signature
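
A model of the `limit` match from the rules above (`--limit 2/hour --limit-burst 3`), added here as an example and not part of the original post. It replays constructed connection attempts to show that the match keeps one bucket shared by every source; the per-source variant is an assumption for comparison (it is what the hashlimit match provides), and the addresses and timings are made up.

```python
"""Model of the iptables `limit` match used above: 2/hour with a burst of 3."""
from collections import defaultdict

RATE_PER_SEC = 2 / 3600.0   # --limit 2/hour
BURST = 3                   # --limit-burst 3


class TokenBucket:
    """Starts full; refills continuously at `rate`, capped at `burst`."""

    def __init__(self, rate=RATE_PER_SEC, burst=BURST):
        self.rate, self.burst = rate, burst
        self.credit, self.last = float(burst), 0.0

    def allow(self, now):
        self.credit = min(self.burst, self.credit + (now - self.last) * self.rate)
        self.last = now
        if self.credit >= 1.0:
            self.credit -= 1.0
            return True      # rule matches -> ACCEPT
        return False         # no match -> packet falls through to DROP


def replay(attempts, per_source):
    """Return accepted NEW-connection counts per source for (time_s, src) events."""
    shared = TokenBucket()
    buckets = defaultdict(TokenBucket)   # hypothetical per-source variant
    accepted = defaultdict(int)
    for now, src in sorted(attempts):
        bucket = buckets[src] if per_source else shared
        if bucket.allow(now):
            accepted[src] += 1
    return dict(accepted)


# Constructed sample: one noisy source connects every 10 s for an hour and the
# administrator tries once at the 20-minute mark (documentation address ranges).
SCANNER, ADMIN = "198.51.100.7", "192.0.2.10"
ATTEMPTS = [(t, SCANNER) for t in range(0, 3600, 10)] + [(1200, ADMIN)]

if __name__ == "__main__":
    print("one shared bucket :", replay(ATTEMPTS, per_source=False))
    print("bucket per source :", replay(ATTEMPTS, per_source=True))
```

With the shared bucket the noisy source uses up the burst in the first 20 seconds and the administrator's attempt is dropped; narrowing the jump in INPUT (for example by source address) is what keeps legitimate logins out of that bucket.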

