On Tuesday 07 December 2004 17:46, Gerry Doris wrote: >On Tue, 2004-12-07 at 15:24, Michael Yep wrote: >> Hello >> >> In my LogWatch report I get many login attacks, many from the same >> IP address. >> >> sshd: >> Authentication Failures: >> root (218.232.109.187): 59 Time(s) >> adm (218.232.109.187): 2 Time(s) >> apache (218.232.109.187): 1 Time(s) >> nobody (218.232.109.187): 1 Time(s) >> operator (218.232.109.187): 1 Time(s) >> Invalid Users: >> Unknown Account: 43 Time(s) >> >> I have permitRootLogin set to NO, and I use strong passwords, but >> can I just add these IP addresses to hosts.deny? >> and if so how would I set that up >> >> >> >> Michael Yep >> Development / Technical Operations >> RemoteLink, Inc. > >I had so many problems with the 218.0.0.0/24 domain that I totally >blocked the entire domain. I believe this domain is in Korea. > >-- >Gerry Doris <gdoris@xxxxxxxxxx> Another that bears blocking completely is 64.0.0.0/24 as its 100% spam of the non-edible variety. Ditto for 66.0.0.0/24. Anybody else have any more to contribute? -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) 99.30% setiathome rank, not too shabby for a WV hillbilly Yahoo.com attorneys please note, additions to this message by Gene Heskett are: Copyright 2004 by Maurice Eugene Heskett, all rights reserved.
