On Mon, 2005-12-26 at 02:04, Tim wrote: > On Sun, 2005-12-25 at 21:24 -0800, Gerald wrote: > > It looks like i'm getting a dictionary attack on my system. I moved > > ssh to another port instead of 22 in hopes that would put a halt to it > > but it did not. Any recommendations to improve security here? > > Since you ask for "any" recommendations... > > If you don't need remote SSH access, configure the server not to listen > to the outside world. Other options might be to limit what addresses > it'll accept connections from, or which accounts can be remotely logged > into. > > Even longer passwords than you care for, to make it harder to brute > force crack. Good suggestions as well as the one to use keys if you need ssh access. Since someone took the time to scan for and find your ssh port then they are targeting you specifically. If you can, identify the IP they are coming from and put them in your iptables list to block all access from that IP. If they are moving to different IP addresses check into things like portsentry or the other one (ipdeny?) that will examine log files for hack attempts and dynamically add those IP addresses to your iptables deny list.
