Bowie Bailey wrote:
Bo Lynch wrote:
Just wanted to get some feedback from the community. Over the last few
days I have noticed attempts to ssh to my web server and email box
using weird names like admin, appuser, nobody, etc. None of
these are valid users. I know that I can block sshd altogether with
iptables but that will not work for us. I did a little research on
Google and found programs like sshguard and sshdfilter. Just wanted
to know if anyone had any experience with any programs like
these or has any other advice. I really appreciate it.

The simplest thing is to change the port.  I know it's "security through
obscurity", but it works well and can be used along with whatever other
security enhancements you care to use.

By changing the ports on all our servers to a high (above 1024) port, we have eliminated SSH scans altogether - been running like that for a few years now without any problems.

I also add a small script in /etc/profile to email me when someone logs in via SSH, since only a few privileged people should use SSH altogether.

--

Kind Regards
Rudi Ahlers

Check out my technical blog, http://blog.softdux.com for Linux or other 
technical stuff

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
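
A login-notification snippet of the kind mentioned in the reply above, as an added example (not the poster's script). The recipient variable `SSH_ALERT_TO`, the function names and the availability of a `mail` command are assumptions.

```shell
# Added example: source from /etc/profile or drop into /etc/profile.d/.
# SSH_ALERT_TO is an assumed variable name; set it to the admin mailbox.
SSH_ALERT_TO="${SSH_ALERT_TO:-root}"

# Build the alert line from sshd's SSH_CONNECTION value, which has the form
# "client_ip client_port server_ip server_port".
# The function body is a subshell, so its variables and 'exit' stay local
# and cannot disturb the login shell that sources this file.
ssh_login_notice() (
    conn=$1 user=$2 host=$3
    set -f                      # no glob expansion while splitting $conn
    set -- $conn
    [ $# -eq 4 ] || exit 1      # empty or malformed: not an SSH session
    printf 'SSH login: user=%s host=%s from=%s:%s to-port=%s\n' \
        "$user" "$host" "$1" "$2" "$4"
)

# Send the alert for interactive SSH logins; fail silently so that a
# missing mailer never blocks or breaks a login.
ssh_login_alert() (
    case "$-" in *i*) ;; *) exit 0 ;; esac
    msg=$(ssh_login_notice "${SSH_CONNECTION:-}" "$(id -un)" "$(hostname)") || exit 0
    command -v mail >/dev/null 2>&1 || exit 0
    printf '%s\ntime=%s\n' "$msg" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" |
        mail -s "SSH login on $(hostname)" "$SSH_ALERT_TO" >/dev/null 2>&1 &
)

ssh_login_alert
```

/etc/profile is read only by login shells, so `ssh host command`, scp and sftp sessions do not trigger this alert; sshd's own auth log remains the complete record of logins.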
