On Tue, 2004-12-07 at 14:24 -0600, Michael Yep wrote: > Hello > > In my LogWatch report I get many login attacks, many from the same IP address. > > sshd: > Authentication Failures: > root (218.232.109.187): 59 Time(s) > adm (218.232.109.187): 2 Time(s) > apache (218.232.109.187): 1 Time(s) > nobody (218.232.109.187): 1 Time(s) > operator (218.232.109.187): 1 Time(s) > Invalid Users: > Unknown Account: 43 Time(s) > > I have permitRootLogin set to NO, and I use strong passwords, but can I > just add these IP addresses to hosts.deny? > and if so how would I set that up I tried to go down that road a few years back - whenever anyone tried to probe my system I'd lock them out using iptables. In not very much time my iptables rules were unmanageably long. I found that just disabling remote root login and enforcing strong passwords was really the only way to deal with this kind of thing. Thomas
