A script to automatically blacklist illegal ssh attempts
Authored by: EddEdmondson on Sep 14, '04 12:56:03PM

I wonder why this is run from cron - it'd be better to have it parse a 'tail -f' continually or something, surely?

Anyway, there are several other things to consider here:
1) The possibility of blacklisting machines that genuine users are trying to log in from, perhaps if they mistype their own username or password and trigger the blacklist.
2) That you should aim to whitelist anyway as thrig says, and that an up-to-date sshd should be pretty resistant to attacks so blacklisting is unlikely to block a significant number of attacks that would otherwise get through.

The risks of 1) in return for the benefits of 2) would make me wary of applying this.



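The design points raised in the comment above (reading the log as a stream rather than polling from cron, not locking out users who mistype, and whitelisting known addresses), shown as an added example that is not part of the original hint or of this comment. The function name, threshold, window, log template and addresses are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The address is taken from the END of the line: the user name in the middle
# is remote-supplied text and must not be able to stand in for the source IP.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>\S+) port \d+(?: ssh2)?\s*$"
)

def find_offenders(lines, allowlist=(), threshold=5, window=timedelta(minutes=10), year=2004):
    """Yield (ip, time) once per address reaching `threshold` failed logins within
    `window`. `lines` is any iterable (e.g. a followed log); syslog has no year, so `year` is assumed."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    flagged = set()
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # not a literal address; ignore rather than guess
        if ip in flagged or any(ip in net for net in nets):
            continue  # already reported, or a known-good network
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        times = recent[ip]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()  # forget failures older than the window
        if len(times) >= threshold:
            flagged.add(ip)
            yield str(ip), ts

# Constructed log template and sample: a guessing run, a real user with two
# typos, and six failures from an allowlisted admin network.
LINE = "Sep 14 12:50:{:02d} mac sshd[411]: Failed password for {} from {} port 4101 ssh2"
SAMPLE = (
    [LINE.format(1 + 2 * i, "illegal user test", "203.0.113.7") for i in range(5)]
    + [LINE.format(20 + i, "alice", "198.51.100.20") for i in range(2)]
    + [LINE.format(30 + i, "root", "192.0.2.10") for i in range(6)]
)

if __name__ == "__main__":
    for ip, ts in find_offenders(SAMPLE, allowlist=["192.0.2.0/24"]):
        print(f"{ts:%b %d %H:%M:%S} block candidate: {ip}")
```

To run it continuously instead of from cron, pass `sys.stdin` as `lines` and pipe `tail -F` of the sshd log into the script; what is done with each yielded address is left to the caller.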