Tuesday, November 13, 2007: 05:26 am
For anyone running a UNIX desktop/server and who is as slow as I am, I would suggest enforcing something like fail2ban on your machine. Otherwise you end up with a bunch of guys in your internets, hacking all your boxes (1.7MB). I only just took a look at the logs today, but apparently you should only venture out onto the internet prepared.

Someone pointed out to me that sshd_config also offers an AllowUsers option, which is useful if you only want some users on SSH (you may have some users using other services such as Samba which you want totally restricted from SSH). Fail2ban more directly addresses my issue, which is some obvious brute force attempts (one of the IPs in that log had over 3000 login attempts). Fail2ban actually inserts a temporary DROP line into your iptables after a few failed login attempts, so I should hopefully only be seeing a few lines from each attacker instead of several thousand.
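
To see what that ban logic does to a log like mine, here is a simplified model of it replayed over sshd failure lines. This is an added example, not fail2ban's own code: the function name simulate_bans, the threshold values and the sample log lines are assumptions constructed for illustration (maxretry, findtime and bantime are named after fail2ban's jail options).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd failure lines as they appear in auth.log (syslog timestamps carry no year).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+"
)

def simulate_bans(lines, maxretry=3, findtime=600, bantime=600, year=2007):
    """Replay an unprotected log. Returns (bans, dropped): bans is a list of
    (ip, start, end); dropped counts, per IP, the attempts a temporary DROP
    rule would have kept from ever reaching sshd."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside findtime
    banned_until = {}             # ip -> time the temporary ban expires
    bans, dropped = [], defaultdict(int)
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other noise
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            dropped[ip] += 1      # packet would have hit the DROP rule
            continue
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()        # start counting afresh once the ban expires
    return bans, dict(dropped)

# Constructed sample: one address guessing every 2 seconds, one user with a typo.
SAMPLE_LOG = [
    f"Nov 13 05:00:{s:02d} host sshd[4321]: Failed password for invalid user admin "
    f"from 203.0.113.5 port 40000 ssh2" for s in range(0, 16, 2)
] + [
    "Nov 13 05:00:09 host sshd[4400]: Failed password for alice from 198.51.100.7 port 51000 ssh2",
    "Nov 13 05:00:15 host sshd[4400]: Accepted password for alice from 198.51.100.7 port 51000 ssh2",
]

if __name__ == "__main__":
    bans, dropped = simulate_bans(SAMPLE_LOG)
    for ip, start, end in bans:
        print(f"{ip} banned {start:%H:%M:%S} to {end:%H:%M:%S}, {dropped.get(ip, 0)} attempts dropped")
```

The single mistyped password from the second address stays under the threshold, so that user is never locked out.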

Copyright (c) Ian Haken 2007 ian.at.ianhaken.com