On 08/21/2015 08:13 PM, John Andersen wrote:
On 08/21/2015 10:35 AM, Lew Wolfgang wrote:
Hi Greg,
I too see LOTS of login attempts from China on public-facing ssh servers, but in my case most are using non-root logins. I've been using blockhosts, but last year I got tired of seeing thousands of entries in the table, so I entered all known China IP CIDR blocks. Now I'm down to about 100 actively blocked IPs plus about 100 "watched" IPs.
But being unfamiliar with the OP's message report and not knowing his configuration, I'd be worried and would look further.
Regards, Lew
I've seen these too, and got tired of them filling my logs, even though I rate-limit via Shorewall and fail2ban. (Ever-growing ban lists slow things down.)
I've reduced these incidences by moving my external-facing ssh to a different high port. I see virtually no attempts any more.
I stopped using ssh service directly on the internet, and now I use a VPN.
Dsant, from France