by  • 11th March 2006 • Uncategorized

    For a long while I have a lot of ssh connections trying to login with common user names. They all fail as I have secured my ssh quite well, but there is one annoying thing about that failed connections … logs , they grow like crazy! filled with ssh messages …

    Today I’ve tried some grep on my logs , to count these connections, for present week it makes around 11600 dump entries from 17 hosts… so why not block that hosts.

    I’ve wrote some few liner which is run from cron, it checks for new entries in my logs , and if it finds any new hosts, this guys are added to iptables with a -j DROP

    I don’t have a problem about blocking any legitimate hosts, I can always wait or just turn around to remove my self from iptables -j DROP 🙂

    So if you are one of that idiots, remember , you have just one bullet for each of your colts 😉