Ankush Grover schreef:
On 8/31/06, JeeBee <JeeBee@xxxxxxxxxxxx> wrote:
I just had the same problem. I wanted to block an ip that is constantly
doing a dictionary attack on my system. This is the situation before:
/etc/hosts.allow:
ALL : <some trusted domains here>
sshd : ALL
/etc/hosts.deny:
ALL : ALL
The only way I could see to add this ip address I want to block is
to change sshd:ALL in hosts.allow to sshd:ALL EXCEPT 1.2.3.4.
If I sould add sshd:1.2.3.4 to hosts.deny, this would totally be
ignored.
Perhaps it would be more neat to remove sshd:ALL from hosts.allow
and to remove ALL:ALL from hosts.deny.
Then I could say sshd:1.2.3.4 in hosts.deny.
However, what more will be allowed then? The ALL:ALL in hosts.deny
blocks a lot more of course.
Still, I have the feeling that ALL EXCEPT <long lists of untrusted ips
here> is not the way to go.
Can anybody tell me how this should be done?
Hey,
A script which automatically blocks the offending ips. Please read the
documentation for more information regarding this.
http://denyhosts.sourceforge.net/
Regards
Ankush Grover
Hey, or you can put your SSHd on an other port... worked for me ;)
- Mike
--
ATN Networks
Dirk de Derdelaan 215
3132 HE VLAARDINGEN
url: www.atn-networks.nl
mail: mike@xxxxxxxxxxxxxxx
mobiel: 06 - 28 11 49 91
Voor al uw hostinggebonden oplossingen
