Re: What to do with a constant flow of attempts to login to my compuet?

Sun, 03 Jan 2010 07:31:25 -0800 

Hi,

simple answer: apt-get install denyhosts
Then setup the config file according to your needs and run this daemon. When
someone will pass the threshold, it will be added to  /etc/hosts.deny and
will be blocked.

You might want to complain about the abuser to this IP holder (Digitel
Philippines), by sending an email to ne...@digitelone.com - They are in
charge of the IP you're mentioning.

Hetz

On Sun, Jan 3, 2010 at 4:34 PM, Gabor Szabo <szab...@gmail.com> wrote:

> I just noticed someone bombarding my machine trying to login via ssh.
> >From auth.log
>
> Jan  3 06:31:48 s6 sshd[22774]: Failed password for invalid user
> amavisd from 202.138.142.216 port 35172 ssh2
> Jan  3 06:31:48 s6 sshd[22773]: Failed password for invalid user
> clamav from 202.138.142.216 port 39941 ssh2
> Jan  3 06:31:49 s6 sshd[22780]: Invalid user clamav from 202.138.142.216
> Jan  3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): check pass; user
> unknown
> Jan  3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216
> Jan  3 06:31:49 s6 sshd[22781]: Invalid user appserver from 202.138.142.216
> Jan  3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): check pass; user
> unknown
> Jan  3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216
> Jan  3 06:31:52 s6 sshd[22780]: Failed password for invalid user
> clamav from 202.138.142.216 port 35699 ssh2
> Jan  3 06:31:52 s6 sshd[22781]: Failed password for invalid user
> appserver from 202.138.142.216 port 40470 ssh2
>
>
> So what is your suggestion. What to do with it?
>
> Gabor
>
> _______________________________________________
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 
my blog (hebrew): http://benhamo.org
Skype: heunique
MSN: hetz-b...@benhamo.org

_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Reply via email to