
Weblog entry #169 for ajt

203.171.236.172
Posted by ajt on Fri 24 Jul 2009 at 22:14
Tags: none.

Some Tw*t Head using a box currently on IP 203.171.236.172 has (unsuccessfully) been trying to SSH to my box all evening. It's annoying now as they are clogging up my root messages. They can't get in as I have SSH turned off at the moment, but I have iptables set to log anyone trying to get in...

 

Comments on this Entry

Posted by Anonymous (81.5.xx.xx) on Sat 25 Jul 2009 at 08:09
denyhosts or fail2ban is useful. Personally I always move ssh (even internally) onto non-standard ports in case there is a security hole in ssh. I was being paranoid apparently. Until the weak key fiasco happened...

Adrian


Posted by ajt (195.145.xx.xx) on Mon 27 Jul 2009 at 08:51

I've considered fail2ban and denyhosts in the past. In the current situation neither is a perfect match, as the firewall is on one system and the SSH server is on another... I really should look at a way of integrating them somehow though.

--
"It's Not Magic, It's Work"
Adam


Posted by Alucard (24.61.xx.xx) on Sat 25 Jul 2009 at 16:42
Uh OK so block it? What's the problem?


Posted by ajt (195.145.xx.xx) on Mon 27 Jul 2009 at 08:47

It is blocked; in fact SSH was turned off, so it was impossible to get in at all. However, the annoyance is that it clogs up the logs.

--
"It's Not Magic, It's Work"
Adam


Posted by Anonymous (195.80.xx.xx) on Tue 4 Aug 2009 at 10:50
Stop logging?

But seriously, I use IPTables with fail2ban adding IPs to the block rules, which just logs the IP and how long it's going to get blocked. I no longer bother logging the IPs' denied packets, as they can get to be very big logs which filled the disk. You might want to log each packet deny if you want, but I don't.

Paul


Posted by ajt (195.112.xx.xx) on Tue 4 Aug 2009 at 21:29

I probably should stop the logs, but I should also glue together a fail2ban script first...

--
"It's Not Magic, It's Work"
Adam

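The thread above raises two points: the firewall logs live on a different box from the SSH server, and it is enough to record one ban per IP rather than every denied packet. As an added example (not code from any poster in this thread), the sketch below applies fail2ban-style thresholds directly to iptables LOG lines and returns one ban record per source. The `SSH-DROP:` log prefix, the thresholds, the function names and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds, in the spirit of fail2ban's maxretry/findtime/bantime.
MAX_HITS, FIND_WINDOW, BAN_TIME = 3, timedelta(minutes=10), timedelta(hours=1)
# Timestamp, SRC= and DPT= fields of a netfilter LOG line for TCP traffic.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?\bSRC=(?P<src>[0-9.]+) "
    r".*?\bPROTO=TCP .*?\bDPT=(?P<dpt>\d+)\b")

def find_bans(lines, year=2009, port=22):
    """Return [(src, ban_start, ban_end)]; syslog has no year, so pass one."""
    recent = defaultdict(deque)   # src -> hit times inside the sliding window
    banned_until = {}             # src -> end of the current ban
    bans = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or int(m["dpt"]) != port:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        src = m["src"]
        if src in banned_until and ts < banned_until[src]:
            continue              # already banned: nothing more to record
        hits = recent[src]
        hits.append(ts)
        while ts - hits[0] > FIND_WINDOW:
            hits.popleft()        # forget hits older than the window
        if len(hits) >= MAX_HITS:
            banned_until[src] = ts + BAN_TIME
            bans.append((src, ts, ts + BAN_TIME))
            hits.clear()
    return bans

def sample(ts, src, dpt):
    """Build one constructed log line (real ones carry more fields)."""
    return (f"Jul 24 {ts} fw kernel: SSH-DROP: IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 LEN=60 TTL=48 PROTO=TCP SPT=40112 DPT={dpt} SYN")

SAMPLE_LOG = [  # constructed input using documentation address ranges
    sample("21:58:01", "203.0.113.7", 22),
    sample("21:58:04", "203.0.113.7", 22),
    sample("21:58:09", "198.51.100.9", 80),   # not SSH, skipped
    sample("21:58:10", "203.0.113.7", 22),    # third hit: ban starts here
    sample("21:59:30", "203.0.113.7", 22),    # inside the ban, not recorded
    sample("22:05:00", "198.51.100.9", 22),   # single probe, below threshold
]

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```

Each returned tuple is the single record worth keeping per offender; turning it into a firewall rule is left to whatever mechanism the firewall host already uses.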

 

 
