For a long while I have had a lot of ssh connections trying to log in with common user names. They all fail, as I have secured my ssh quite well, but there is one annoying thing about those failed connections … logs, they grow like crazy, filled with ssh messages …
Today I've tried some grep on my logs to count these connections; for the present week it makes around 11600 dump entries from 17 hosts… so why not block those hosts.
I've written a few-liner which is run from cron; it checks for new entries in my logs, and if it finds any new hosts, these guys are added to iptables with a -j DROP.
I don't have a problem with blocking any legitimate hosts; I can always wait or just turn around to remove myself from iptables -j DROP 🙂
So if you are one of those idiots, remember, you have just one bullet for each of your colts 😉
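An added example (not the author's cron script) of the log-to-iptables step described above: it counts failed sshd logins per source address in constructed sample log lines and prints the `iptables ... -j DROP` commands for hosts that are new. The threshold, the allow list and reading the address by position from the end of the line are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the author's cron script. All log lines are constructed.
THRESHOLD=3            # assumption: failed logins before a host is blocked
ALLOW="192.0.2.99"     # assumption: admin addresses that must never be dropped

SAMPLE_LOG='Mar  3 10:15:01 srv sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:04 srv sshd[1201]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Mar  3 10:15:09 srv sshd[1207]: Failed password for invalid user x from 192.0.2.10 port 22 ssh2 from 203.0.113.5 port 51300 ssh2
Mar  3 10:16:00 srv sshd[1300]: Failed password for root from 198.51.100.7 port 40000 ssh2
Mar  3 10:16:02 srv sshd[1300]: Failed password for root from 198.51.100.7 port 40002 ssh2
Mar  3 10:16:05 srv sshd[1300]: Failed password for root from 198.51.100.7 port 40004 ssh2
Mar  3 10:17:00 srv sshd[1310]: Failed password for alice from 192.0.2.20 port 50000 ssh2
Mar  3 10:17:20 srv sshd[1311]: Accepted publickey for alice from 192.0.2.20 port 50002 ssh2
Mar  3 10:18:00 srv sshd[1320]: Failed password for bob from 192.0.2.99 port 50100 ssh2
Mar  3 10:18:03 srv sshd[1320]: Failed password for bob from 192.0.2.99 port 50102 ssh2
Mar  3 10:18:06 srv sshd[1320]: Failed password for bob from 192.0.2.99 port 50104 ssh2'

# Read sshd log lines on stdin; print each source IP with at least $1 failures.
# The address is taken by position from the end of the line ("from IP port N ssh2"),
# because the username is supplied by the client and can itself contain
# "from <some other address>", which would get the wrong host blocked.
failed_hosts() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | sort
}

# Read IPs on stdin; print (do not run) one DROP rule per host that is neither
# allow-listed nor in the space-separated list of already blocked hosts in $1.
block_commands() {
    already="$1"
    while read -r ip; do
        case " $ALLOW $already " in
            *" $ip "*) continue ;;
        esac
        echo "iptables -I INPUT -s $ip -j DROP"
    done
}

# 198.51.100.7 stands in for a host blocked on an earlier cron run.
printf '%s\n' "$SAMPLE_LOG" | failed_hosts "$THRESHOLD" | block_commands "198.51.100.7"
```

On a live system the already-blocked list would come from the current ruleset (for example `iptables -S INPUT`), and the printed commands would be reviewed or piped to a root shell.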