[mythtv-users] SSH break in attempt this morning using mythtv user
Andrew Bassett
andrew at abassett.org
Thu Mar 2 00:53:01 UTC 2006
mythtv-users at fastdruid.co.uk wrote:
> On Tuesday 28 February 2006 02:20, Jason Gillis wrote:
>
>> Hi John,
>>
>> Why am I emailing you tonight? Well, it looks like you have a machine on
>> 24.1.121.211 that tried to break into my system this morning. I was able
>> to track you down via the whois information for your domain (nissley.org)
>> and the IP address in my logs.
>>
> <snip>
>
> FWIW I got so sick of ssh break in attempts (the latest one attempted over 800
> users and attempted for over 50min) that I wrote a little script to loop
> round, check the log for relevant sshd warning messages, snip the ip out and
> use iptables to block everything from that host. It does mean that I have to
> be _very_ careful to get my login correct first time from outside though. ;-)
>
> David
>
I use something called Denyhosts [http://denyhosts.sourceforge.net/]. It
was trivial to set up. You can set certain thresholds so any mistakes
logging in won't cost you too much. So far I have about 50 ip's blocked
in the space of one month.
-Andrew
More information about the mythtv-users
mailing list