<div dir="ltr"><div>Hi,</div><div><br></div>simple answer: apt-get install denyhosts <div>Then setup the config file according to your needs and run this daemon. When someone will pass the threshold, it will be added to /etc/hosts.deny and will be blocked.<br>
<br></div><div>You might want to complain about the abuser to this IP holder (Digitel Philippines), by sending an email to <a href="mailto:netad@digitelone.com">netad@digitelone.com</a> - They are in charge of the IP you're mentioning.</div>
<div><br></div><div>Hetz</div><div><br><div class="gmail_quote">On Sun, Jan 3, 2010 at 4:34 PM, Gabor Szabo <span dir="ltr"><<a href="mailto:szabgab@gmail.com">szabgab@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
I just noticed someone bombarding my machine trying to login via ssh.<br>
>From auth.log<br>
<br>
Jan 3 06:31:48 s6 sshd[22774]: Failed password for invalid user<br>
amavisd from 202.138.142.216 port 35172 ssh2<br>
Jan 3 06:31:48 s6 sshd[22773]: Failed password for invalid user<br>
clamav from 202.138.142.216 port 39941 ssh2<br>
Jan 3 06:31:49 s6 sshd[22780]: Invalid user clamav from 202.138.142.216<br>
Jan 3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): check pass; user unknown<br>
Jan 3 06:31:49 s6 sshd[22780]: pam_unix(sshd:auth): authentication<br>
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216<br>
Jan 3 06:31:49 s6 sshd[22781]: Invalid user appserver from 202.138.142.216<br>
Jan 3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): check pass; user unknown<br>
Jan 3 06:31:49 s6 sshd[22781]: pam_unix(sshd:auth): authentication<br>
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.138.142.216<br>
Jan 3 06:31:52 s6 sshd[22780]: Failed password for invalid user<br>
clamav from 202.138.142.216 port 35699 ssh2<br>
Jan 3 06:31:52 s6 sshd[22781]: Failed password for invalid user<br>
appserver from 202.138.142.216 port 40470 ssh2<br>
<br>
<br>
So what is your suggestion. What to do with it?<br>
<br>
Gabor<br>
<br>
_______________________________________________<br>
Linux-il mailing list<br>
<a href="mailto:Linux-il@cs.huji.ac.il">Linux-il@cs.huji.ac.il</a><br>
<a href="http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il" target="_blank">http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>my blog (hebrew): <a href="http://benhamo.org">http://benhamo.org</a><br>Skype: heunique<br>MSN: <a href="mailto:hetz-blog@benhamo.org">hetz-blog@benhamo.org</a><br>
</div></div>