Subj : Block admin and root access attempts
To   : Mro
From : nightcrawler
Date : Sun Oct 26 2014 04:26 pm

  Re: Block admin and root access attempts
  By: Mro to nightcrawler on Sat Oct 25 2014 06:54 pm

 Mr>  Re: Block admin and root access attempts
 Mr>  By: nightcrawler to All on Sat Oct 25 2014 12:08 am

 >> Can someone tell me something I can add to my login script that will
 >> automatically add Ip's to the IP.can file that try to log in as root
 >> or admin. It is becoming a full time job adding all the hack attempt
 >> IP's manually. There was some discussion on the Facebook group about
 >> this, but wasn't given a definitive answer. Also, I figured it would
 >> be more helpful


 Mr> since you are a server on the internet, all your services have brute force
 Mr> attacks. 

 Mr> adding something to your logon script will just block people who try to
 Mr> telnet in. what about ftp, email, ssh, rlogin, nntp, etc?

 Mr> get peerblock and just block china.
 Mr> that way it's blocked before it even hits your bbs.

 Mr> i have that bbs capcha thing and it's not stopping new ones from hitting
 Mr> me every day. it's a losing battle.
 
I've never really had a problem with ftp, rlogin, etc. All the attempts seem to
be localized to SSH connections, trying either admin or root. Recently I
noticed a single IP will attempt simultanious connections, taking all my nodes
down. 

I've tried peerblock with very little success. Seems it doesn't cut down on
attempts at all. 

Nightcrawler +o Dark Sanctuary
darksanctuary.darktech.org 

---
 þ Synchronet þ Dark Sanctuary darksanctuary.darktech.org

.