Subj : Block admin and root access attempts
To : Mro
From : nightcrawler
Date : Tue Oct 28 2014 08:59 pm
Re: Block admin and root access attempts
By: Mro to nightcrawler on Sun Oct 26 2014 09:40 pm
>> attempts seem to be localized to SSH connections, trying either admin
>> or root. Recently I noticed a single IP will attempt simultaneous
>> connections, taking all my nodes down.
Mr> change your ssh port.
Not a bad idea.
>> I've tried peerblock with very little success. Seems it doesn't cut
>> down on attempts at all.
Mr> you have to use a custom block script and add ip ranges. you just can't
Mr> run it and use it to block attackers.
I used the block list you provided. It has:
hank billings:96.36.1.1-96.36.255.255
hong kong:123.0.0.0-123.255.255.255
dragon networks:209.124.1.0-209.255.255.255
china mobile:120.192.0.0-120.255.255.255
attacker:176.0.0.0-176.255.255.255
taiwan:125.227.0.0-125.227.255.255
attacker:187.147.0.0-187.147.255.255
banjkok:61.19.0.0-61.255.255.255
It blocks a few, but most attacks still seem to get through.
Nightcrawler +o Dark Sanctuary
darksanctuary.darktech.org
---
■ Synchronet ■ Dark Sanctuary darksanctuary.darktech.org
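
The following is an added example, not part of the original message or of PeerBlock: a small Python parser for the `label:first-last` list quoted above that reports how much of the IPv4 space the list covers and whether a given source address falls inside it. The function names and the sample source addresses are constructed for illustration.

```python
import ipaddress

# Block list exactly as quoted in the post ("label:first-last" lines).
BLOCKLIST = """\
hank billings:96.36.1.1-96.36.255.255
hong kong:123.0.0.0-123.255.255.255
dragon networks:209.124.1.0-209.255.255.255
china mobile:120.192.0.0-120.255.255.255
attacker:176.0.0.0-176.255.255.255
taiwan:125.227.0.0-125.227.255.255
attacker:187.147.0.0-187.147.255.255
banjkok:61.19.0.0-61.255.255.255
"""

def parse_blocklist(text):
    """Parse 'label:first-last' lines into (label, first, last) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the last ':' so a label may itself contain a colon.
        label, _, span = line.rpartition(":")
        start, _, end = span.partition("-")
        first = ipaddress.IPv4Address(start.strip())
        last = ipaddress.IPv4Address(end.strip())
        if first > last:
            raise ValueError(f"range runs backwards: {line}")
        entries.append((label, first, last))
    return entries

def matching_labels(entries, ip):
    """Return the labels of every range that contains ip."""
    addr = ipaddress.IPv4Address(ip)
    return [label for label, first, last in entries if first <= addr <= last]

def covered_addresses(entries):
    """Count addresses covered (the quoted ranges do not overlap)."""
    return sum(int(last) - int(first) + 1 for _, first, last in entries)

def to_cidrs(first, last):
    """Convert one first-last range to CIDR blocks for firewalls that need them."""
    return list(ipaddress.summarize_address_range(first, last))

if __name__ == "__main__":
    entries = parse_blocklist(BLOCKLIST)
    print(f"{covered_addresses(entries) / 2**32:.2%} of IPv4 space is covered")
    # Constructed sample source addresses, not taken from any real log.
    for ip in ("123.45.67.89", "96.36.1.0", "203.0.113.7"):
        print(ip, "->", matching_labels(entries, ip) or "not blocked")
```

The eight ranges cover about 1.45% of the IPv4 address space, so a source outside them is never matched, and the first range starts at 96.36.1.1, which leaves 96.36.0.0 through 96.36.1.0 unblocked.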