[PLUG] Got hacked last night - HELP!
Colin Kuskie
ckuskie at dalsemi.com
Mon Oct 4 16:23:02 UTC 2004
On Mon, Oct 04, 2004 at 04:03:07PM -0700, Sandy Herring wrote:
> The first thing you need to do is make certain you've closed any holes
> in your ssh installation. You can keep unwanted visitors at bay via
> tcp_wrappers. e.g.,
>
> /etc/hosts.allow
> #insert ip addresses you want to grant access via SSH
> sshd: 123.123.0.234 192.168.0.
>
> /etc/hosts.deny
> sshd: ALL
>
> This allows access via ssh to 123.123.0.234 and anyone in the
> 192.168.0/24 (Class C) address space. `man 5 hosts_access' for more.
Is there a way to automatically add IP addresses after 5-10 failed
attempts, or to rate limit attempts to frustrate scanners?
Thanks,
Colin
More information about the PLUG
mailing list