2 Jan
2012
2 Jan
'12
11:26 a.m.
Am 2012-01-02 12:23, schrieb cmeclax-sazri:
On Sunday 01 January 2012 23:36:13 grarpamp wrote:
This 'attack' has been going on for YEARS. Nobody's really getting shells (well some are), just dictionaried. The problem is that OpenSSH logs this by default and people freak out when they see it in their logs. It's just background noise. Real admins tune it out and use ssh keys instead.
I wrote a shell script that watches the logs and shuts off all access from an address that starts guessing passwords.
That is exactly what tools like "fail2ban" are for.
Paul