23 May
2017
23 May
'17
7:04 a.m.
Well, I use 'denyhosts' which works the same way as 'fail2ban'
and I have it set to allow 5 tries (at 2 tries max, I had too
many of my legitimate clients who flubbed their logins get
banned and had to contact me). I still get thousands of
login attempts per day because there are so many different
sources of the probes. Block one and two more spring up to
twist the doorknobs. Apparently we're a prime target.
- Brian
On Tue, May 23, 2017 at 10:57:47AM +0000, Ruben ON3RVH wrote:
For failed SSH login attempts, you might look at
fail2ban , configure that one with 2 auth faillures and repeat offenders and you'll be
golden and rid of those thousands of login attempts :)