Hallo,
Arnold Krille hat gesagt: // Arnold Krille wrote:
> I have a script that filters the log-files for "invalid user", extracts the IP
> and adds it to the RECENT table (which is used for blocking for five minutes).
> But some of these attackers have botnets which means a lot of IP's to be
> blocked before they finished their username-list...
Basically that's what denyhost does, and it also has additional features
like a realtime bla/ocklist, which also blocks distributed
attacks that are not affected by blocking single IPs because one
attacker there is able to use a new IP for each attempt. OTOH botnets
usually are interested in servers with more valuable data than most of
us have.
> From my experience using key-logins only helps when you have only linux users.
> Most windows people don't really understand the concepts of security, public
> keys and such.
True, but for home-machines of Linux Audio freaks, usually nobody from a
Windows machine needs to log in anyway. ;) And if it's a public server,
I'd rather not have anybody logging in through ssh who is not capable of
dealing with key logins. I disabled password logins through ssh on
my public machines.
Ciao
-- Frank _______________________________________________ Linux-audio-dev mailing list Linux-audio-dev@email-addr-hidden http://lists.linuxaudio.org/mailman/listinfo/linux-audio-devReceived on Sun Feb 15 16:15:03 2009
This archive was generated by hypermail 2.1.8 : Sun Feb 15 2009 - 16:15:03 EET