|reply to Simba7 |
Re: Massive Botnet Attack on SSH port (router)
hey guys.. I'm baaack.. naw I've been having some friends getting really angry at Bresnan this last week so I thought I would see what the buzz was here. I'm now on the slow DSL boat but I at least get what they advertise.
Anywho.. These botnet attacks are "normal" nowadays. I would suggest a fantastic Linux app called fail2ban. It watches the logs and after x failed login attempts on Y service, blocks them with iptables for Z time. I've been using it for years and it really helps discourage them from continuing and saves on those tiny ticks of bandwidth they eat. Not only this, but fail2ban will watch logs for pop3, email, http, ftp, and anything else you could probably write a regular expression for.
It's not a bad thing to change the SSH port as long as you or a couple people use it. In my case I make all my web clients able to use ssh so changing the port would be a big hassle for me support-wise.
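
The "x failed attempts, block for Z time" behaviour described in the post above, as an added example that is not part of the original post and is not fail2ban's own code. It is a simplified model: the log lines are constructed, the names `maxretry`, `findtime` (the counting window, which the post does not mention) and `bantime` follow fail2ban's option names, and it returns the ban decisions instead of calling iptables.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH failure line, e.g.
# "Mar 13 10:00:01 gw sshd[812]: Failed password for root from 203.0.113.7 port 4242 ssh2"
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def simulate(lines, maxretry=3, findtime=600, bantime=3600, year=2024):
    """Return [(ip, ban_start, ban_end)] for every ban the log would trigger."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    banned_until = {}            # ip -> time the current ban expires
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines do not count
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            continue  # source is already blocked
        window = recent[ip]
        window.append(ts)
        # forget failures older than findtime seconds
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()
        if len(window) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()
    return bans

# Constructed sample log (documentation-range addresses, hypothetical host "gw")
SAMPLE_LOG = [
    "Mar 13 10:00:01 gw sshd[812]: Failed password for root from 203.0.113.7 port 4242 ssh2",
    "Mar 13 10:00:03 gw sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 4243 ssh2",
    "Mar 13 10:00:04 gw sshd[814]: Accepted publickey for alice from 198.51.100.20 port 5022 ssh2",
    "Mar 13 10:00:06 gw sshd[815]: Failed password for root from 203.0.113.7 port 4244 ssh2",
    "Mar 13 10:05:00 gw sshd[816]: Failed password for alice from 198.51.100.20 port 5023 ssh2",
    "Mar 13 10:30:00 gw sshd[817]: Failed password for root from 203.0.113.7 port 4250 ssh2",
]

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG):
        print(f"ban {ip} from {start} until {end}")
```

With the defaults, only the source that fails three times inside the window is banned; the single mistyped password from the other address stays below the threshold.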