Gerry Doris wrote:
> Tim Evans wrote:
>> Scott van Looy wrote:
>>> So I ran
>>> iptables -A INPUT -s 193.239.125.119 -j DROP
>>
>> This is likely a losing battle, as you'll never be able to keep adding
>> rules for individual IPs.
>>
>> You can, however, configure iptables to *allow* only a specified list of
>> IP addresses (i.e., the ones you approve of).
>>
>> You should also configure sshd to allow only a specified list of users.
>> man sshd_config for details.
>>
>> If this is not manageable, take a look at denyhosts
>> (http://denyhosts.sourceforge.net/)
>
> These are script kiddies. Changing ssh to a non-standard port instead
> of the default 22 will also eliminate the attacks. This is useful if
> your users move around and have different IPs.

Or install Denyhosts and allow it to sync with the server. This will limit how
many times they get a chance to log in and then refuse the connection. But most
have already been reported by other Denyhosts users and blocked automatically.
--
Jason Turning
jturning@xxxxxxxxxxxxx
-----
http://www.bugz.homeunix.net:8000/
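
The allow-list approach suggested in the thread, as an added example that is not part of any poster's message: instead of appending one DROP rule per attacker, SSH traffic is sent to a dedicated chain that accepts approved sources and drops everything else. The chain name `SSH_ALLOW`, the helper names and the sample addresses (documentation ranges) are assumptions; the script only prints the rules.

```shell
#!/bin/sh
# Prints (does not apply) iptables rules that allow SSH only from approved
# sources. Chain name and sample addresses are constructed for illustration.
SSH_PORT=22        # adjust if sshd listens on a non-standard port
CHAIN=SSH_ALLOW    # hypothetical chain name

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr               # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Emit the rule set for the sources given as arguments. Nothing is printed
# unless every address validates, so a typo cannot yield a partial rule set.
ssh_allowlist_rules() {
    [ $# -gt 0 ] || { echo "refusing to build an empty allow list" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "malformed address: $ip" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    for ip in "$@"; do
        echo "iptables -A $CHAIN -s $ip -j ACCEPT"
    done
    # Order matters: the catch-all DROP must come after every ACCEPT.
    echo "iptables -A $CHAIN -j DROP"
    echo "iptables -I INPUT -p tcp --dport $SSH_PORT -j $CHAIN"
}

# Constructed sample input: one admin host and one office network.
ssh_allowlist_rules 192.0.2.10 198.51.100.0/24
```

Review the printed rules before running them as root, and keep an existing SSH session open while testing so a mistake in the list does not lock you out.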