[SWLUG] Possible SSH Attack
Carwyn Edwards
hovercraft.eel at gmail.com
Thu Jul 14 21:34:42 UTC 2011
you could change the port from the default 22, that should prevent most of
the automated brute-force attacks. Fail2ban is another option, if you want
to keep the port to default for some reason. It scans the sshd logs, and
bans any IP address which makes repeated failed attempts to log in.
http://www.fail2ban.org/wiki/index.php/README sums it up quite well.
On 14 July 2011 22:22, Jon Reynolds <maillist at jcrdevelopments.com> wrote:
>
> authentication failure; logname= uid=0 euid=0 tty= ruser= rh
> ost= user=bin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/swlug/attachments/20110714/84049a15/attachment.html>
More information about the Swlug
mailing list