|
|||
massive ssh login attempts
Hi
When I check my authlog it's filled with ssh login attempts, mostly from China and Malaysia. It constantly filles up with failed logins for diffrent random users including root. I think it's around 600/day... Is this normal for a home server? It's an OpenBSD 5.1 box, what is your toughts on the best way to protects your server from these massive attacks? Should I block IP adresses with more than 3 attempts for 24 hours? |
|
|||
Quote:
One of the things this sort of act proves is that as a sysadmin, you should ensure that common passwords are being used on your system(s). Dissuading use of common account names isn't such a bad idea either. |
|
|||
Follow the recommendation of jggimi, and also change ssh to listen to a different port.
This will stop almost all these login attempts
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Thanks!
I already have disabled root logins (by default), so next will be to disable password authentication.
It feels good to know that this is normal, but I feel like an teenager by saying that! |
|
|||
solution
So the solution also become script running every 10 minutes:
Code:
cat /var/log/authlog | grep "sshd" | grep -i "failed" | rev | cut -d\ -f 4 | grep '[.]' | rev | sort | uniq -c | awk '{ if ($1 >= 10) print $2}' > /etc/ssh_block Code:
table <ssh_block> persist file "/etc/ssh_block" block drop in from <ssh_block> to any |
|
|||
I suggest dropping that script and using an "overload <ssh_block>" state option in pf.conf. See pf.conf(5) for details, and probably a bunch of other posts here on this forum too. Its a really really good feature to add to your skillset imho.
|
Tags |
ssh login attempts |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Mozilla attempts and abandons Firefox 3.6 upgrade | J65nko | News | 1 | 8th October 2011 01:57 PM |
Handling ssh login attempts with pf | mayuka | OpenBSD Security | 17 | 11th January 2010 04:53 PM |
Login automatically | map7 | FreeBSD General | 1 | 12th October 2008 11:09 PM |
How can i login to my FreeBSD ?? | ceramic | FreeBSD Installation and Upgrading | 4 | 28th July 2008 11:56 AM |
How to set up ssh login | cssgalactic | FreeBSD General | 12 | 28th June 2008 06:00 PM |