On Wed, Sep 3, 2008 at 6:55 PM, Patrick Shanahan <paka@opensuse.org> wrote:
* Linux <hans.linux@igi-alliance.com> [09-03-08 21:13]:
OK now my fail2ban is working. I have thousand of email informing me that some IPs are blocked. But the question is the same will attack again when the banned time is over. So except playing with banned time, is there anything that we can do? How do we banned those IPs for good?
well, you can adjust the ban times in /etc/fail2ban/jail.conf or install DenyHosts and set an extended ban time.
btw, ssh penetration attempts have escalated in the last couple of days. I run both fail2ban and denyhosts and have a firewall rule to drop after three failures and still see several hunderd bans per day.
And I'm seeing some too, but I have a VERY long lock-out (shorewall) after three attempts. Most of the reported IPs in my log are from Bejing. -- ----------JSA--------- Someone stole my tag line, so now I have this rental. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org