On Wed, 2005-05-04 at 18:23 -0700, Daniel B. Thurman wrote: > Folks, > > Seems that I am getting daily brute-force ssl attacks -- > Anything I can or should do? > > Here is the System Logs: > ======================================= > May 4 01:01:50 linux sshd[10438]: Did not receive identification string from ::ffff:194.65.138.98 > May 4 01:04:44 linux sshd[10448]: Illegal user temp from ::ffff:194.65.138.98 > May 4 01:04:57 linux sshd[10448]: Failed password for illegal user temp from ::ffff:194.65.138.98 port 52888 ssh2 snip > May 4 13:07:04 linux sshd[24906]: Failed password for illegal user admins from ::ffff:209.76.72.12 port 52516 ssh2 > May 4 13:07:04 linux sshd[24908]: Illegal user admins from ::ffff:209.76.72.12 > May 4 13:07:07 linux sshd[24908]: Failed password for illegal user admins from ::ffff:209.76.72.12 port 52610 ssh2 > I set my firewall to block ssh from everywhere except the few places I might use for remote access. It drastically cut down the attempts to get in. I now only get hit from one or 2 IPs a day.
