Marko Vojinovic wrote:
On Saturday 07 May 2005 02:09, P. Thompson wrote:
On Wed, 4 May 2005, Daniel B. Thurman wrote:
Folks,
Seems that I am getting daily brute-force ssl attacks --
Anything I can or should do?
I wrote a little script that adds an iptables rule to drop the attacking ip address for an hour then remove the block. An hour might be overkill, but they never come back from the same address.
It does not block on false users from IP ranges I normally come in from so if I fat-finger my login I'm not screwed for an hour.
I keep my sshd unblocked because I periodically ssh in from previously
unknown quarters and want that flexibility.
Is there an easy way to manually block a specific IP? I would like to be able to block and unblock a couple of IPs when I seem fit, but since I am a begginer man iptables seems far too techy for me. Is there a recipe for this?
You may want to talk a look at this story I wrote: http://www.dalive.com/dalug/softwarestories/view.php?rid=00000002
Also, are you willing to share your script with us (I guess I could learn from it)?
Best regards, Marko
