Everyone running a public ssh/ftp/whatever service is a prime target these days :/
73,
Ruben - ON3RVH
-----Original Message----- From: 44Net [mailto:44net-bounces+on3rvh=on3rvh.be@hamradio.ucsd.edu] On Behalf Of Brian Kantor Sent: dinsdag 23 mei 2017 13:05 To: AMPRNet working group 44net@hamradio.ucsd.edu Subject: Re: [44net] probbing and attacks on my router
(Please trim inclusions from previous messages) _______________________________________________ Well, I use 'denyhosts' which works the same way as 'fail2ban' and I have it set to allow 5 tries (at 2 tries max, I had too many of my legitimate clients who flubbed their logins get banned and had to contact me). I still get thousands of login attempts per day because there are so many different sources of the probes. Block one and two more spring up to twist the doorknobs. Apparently we're a prime target. - Brian
On Tue, May 23, 2017 at 10:57:47AM +0000, Ruben ON3RVH wrote:
For failed SSH login attempts, you might look at fail2ban , configure that one with 2 auth faillures and repeat offenders and you'll be golden and rid of those thousands of login attempts :)
_________________________________________ 44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net