IME, the combination of cron and iptables does the trick. A small shell script is required to grep logs (don't forget a log rule in iptables) and add the rules in.
As for SSH, I myself strongly recommend setting port 22 allowed to several trusted IP addresses, and blocking the rest. Thus, from an "untrusted" site you'll have to make a connection to a trusted server (over VPN? SSH? whatever, as long as it's secure, really), and from *there* connect to your server.
Inconvenient? Add your home and working IPs into the allowed list. Secure? No! More secure than a world-open port? For the most part - yes.
On Thursday 19 August 2004 20:40, MB wrote:
Hi list,
Been getting a ton of attempts on my ssh/ftp connections as of late, first they started with the usual script kids trying the admin/guest/etc on the ssh connection, now I get people trying all sorts of stupid usernames with blank passwords on the ftp connection.
1. Is there a way to block an IP, either perm. or for set period of time for SSH attempts?
2. Is there a similar way for VSFTP?
I'm sure I could block the addresses manually, but I'd like it if it was automated? Say for 6 attempts?
Matt
SuSE 9.1
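The cron-plus-iptables approach from the reply, sketched as an added example that is not part of the original thread. It assumes OpenSSH-style "Failed password ... from <ip> port <n> ssh2" log lines; the function names, addresses and sample log are constructed, and the threshold of 6 is taken from the question.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
THRESHOLD=6            # the "6 attempts" from the question
ALLOW="192.0.2.10"     # constructed trusted addresses, space separated

# Constructed sample log in the assumed OpenSSH "Failed password" format.
sample_log() {
    i=0
    while [ "$i" -lt 6 ]; do
        echo "Aug 19 20:40:0$i host sshd[100]: Failed password for invalid user admin from 203.0.113.5 port 4000 ssh2"
        echo "Aug 19 20:41:0$i host sshd[101]: Failed password for root from 192.0.2.10 port 4001 ssh2"
        # User name chosen by the client contains "from <ip>" (log injection).
        echo "Aug 19 20:42:0$i host sshd[102]: Failed password for invalid user x from 198.51.100.9 from 203.0.113.77 port 4002 ssh2"
        i=$((i + 1))
    done
    echo "Aug 19 20:43:00 host sshd[103]: Failed password for guest from 198.51.100.7 port 4003 ssh2"
}

# stdin: log lines; $1: minimum failures. Prints offending source IPs.
offenders() {
    awk -v min="$1" -v allow="$ALLOW" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) trusted[a[i]] = 1 }
        # Take the address from the line tail, never the first "from":
        # the user name is attacker-controlled text.
        /Failed password for / && $NF == "ssh2" && $(NF - 2) == "port" && $(NF - 4) == "from" {
            ip = $(NF - 3)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in trusted)) hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print ip }
    ' | LC_ALL=C sort
}

# stdin: IPs. Prints one DROP rule each; with APPLY=1 (as root) installs it,
# skipping rules that already exist so repeated cron runs do not pile up.
block() {
    while read -r ip; do
        set -- INPUT -s "$ip" -p tcp --dport 22 -j DROP
        if [ "${APPLY:-0}" = 1 ]; then
            iptables -C "$@" 2>/dev/null || iptables -I "$@"
        else
            echo "iptables -I $*"
        fi
    done
}

sample_log | offenders "$THRESHOLD" | block   # dry run on the sample
```

From cron, replace `sample_log` with the real sshd log file and set `APPLY=1`; the allowlisted address is never blocked even though it has six failures in the sample.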