On Tue, December 7, 2004 3:24 pm, Michael Yep said:
> Hello
>
> In my LogWatch report I get many login attacks, many from the same IP
> address.
>
> sshd:
>    Authentication Failures:
>       root (218.232.109.187): 59 Time(s)
>       adm (218.232.109.187): 2 Time(s)
>       apache (218.232.109.187): 1 Time(s)
>       nobody (218.232.109.187): 1 Time(s)
>       operator (218.232.109.187): 1 Time(s)
>    Invalid Users:
>       Unknown Account: 43 Time(s)
>
> I have permitRootLogin set to NO, and I use strong passwords, but can I
> just add these IP addresses to hosts.deny?
> and if so how would I set that up
>

Hi Michael,

Sounds like you have a good setup. To deny that address add this line to
your hosts.deny:

    sshd: 218.232.109.187

Also, you might want to report the abuse to the owner of the IP address.
Doing a "whois 218.232.109.187" returns:

    [ ISP Network Abuse Contact Information ]
    Name   : Network Abuse
    Phone  : +82-2-106-2
    Fax    : +82-2-6266-6483
    E-Mail : abuse@xxxxxxxxxx

Cheers,
Sean

> Development / Technical Operations
> RemoteLink, Inc.
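
Added example, not part of the original messages: a small script that counts failed sshd logins per source address and prints hosts.deny lines in the "sshd: <address>" form given in the reply. The log lines are constructed samples with documentation-range addresses, and the function names, the threshold and the allow list are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH syslog format (documentation-range addresses).
SAMPLE_LOG = """\
Dec  7 03:11:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Dec  7 03:11:05 host sshd[2103]: Failed password for root from 203.0.113.7 port 40130 ssh2
Dec  7 03:11:09 host sshd[2107]: Failed password for invalid user adm from 203.0.113.7 port 40141 ssh2
Dec  7 03:12:40 host sshd[2120]: Failed password for michael from 198.51.100.9 port 51514 ssh2
Dec  7 03:15:00 host sshd[2150]: Accepted password for michael from 192.0.2.10 port 50022 ssh2
"""

# The user name is client-supplied text, so the address is taken from the
# end of the line rather than from the first " from " that appears.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?.*"
    r" from (\S+) port \d+(?: ssh\d)?\s*$"
)

def count_failures(log_text):
    """Return a Counter of failed password attempts keyed by IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not a literal address (for example a hostname): skip
        if addr.version == 4:  # keep to the IPv4 form shown in the reply
            counts[str(addr)] += 1
    return counts

def hosts_deny_lines(counts, threshold=3, allow=()):
    """Build 'sshd: <ip>' lines for addresses at or above the threshold."""
    allowed = {str(ipaddress.ip_address(a)) for a in allow}
    return [
        f"sshd: {ip}"
        for ip, n in sorted(counts.items())
        if n >= threshold and ip not in allowed
    ]

if __name__ == "__main__":
    # Review the output before appending it to /etc/hosts.deny.
    print("\n".join(hosts_deny_lines(count_failures(SAMPLE_LOG))))
```

hosts.deny entries only take effect when sshd is built with TCP wrappers (libwrap) support.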