Sunday, May 26, 2013

Who's attacking my server?

SSH rocks.  It's an awesome protocol.  But it has an "Achilles' heel": a default port.  Why?  Because services *should* have default ports according to some people.  Not me.

So, since ssh runs by default on port 22, people attack that port left and right, to see if they can bust into your server.

The program "lastb" reports the bad login attempts.  That's kind of useful but kind of crazy to work through.

The following summarizes the matter, reporting the IP addresses that have made over 1000 failed login attempts via ssh.

lastb -ai | awk '{print $10}' | sort | uniq -c | sort -n | grep -E '[0-9]{4}'

If the output from the above doesn't convince you to move ssh to a custom port, such as 123456, nothing will.
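A more defensive take on the one-liner above, as an added example that is not from the original post: it reads the address from the last field instead of column 10, compares counts numerically against a threshold, and skips the "btmp begins" trailer. The function names `failed_by_ip` and `sample_lastb` are hypothetical, and the sample lines are constructed from documentation address ranges.

```shell
#!/bin/sh
# Added example: per-source summary of `lastb -ai` style output read from stdin.

# Print "count address" for every source at or above the threshold
# ($1, default 1000), highest count first.
failed_by_ip() {
    awk -v min="${1:-1000}" '
        # Skip blank lines and the "btmp begins ..." trailer line.
        NF == 0 || ($1 == "btmp" && $2 == "begins") { next }
        # With -a the address is the last field, so use $NF rather than a
        # fixed column: a user name containing a space would shift $10.
        {
            addr = $NF
            is_v4 = (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            is_v6 = (addr ~ /:.*:/ && addr ~ /^[0-9A-Fa-f:.]+$/)
            if (is_v4 || is_v6) hits[addr]++
        }
        END { for (a in hits) if (hits[a] >= min) print hits[a], a }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges, not real data).
sample_lastb() {
    cat <<'EOF'
root     ssh:notty    Sun May 26 10:00 - 10:00  (00:00)     192.0.2.10
admin    ssh:notty    Sun May 26 10:01 - 10:01  (00:00)     192.0.2.10
test     ssh:notty    Sun May 26 10:02 - 10:02  (00:00)     192.0.2.10
a b      ssh:notty    Sun May 26 10:03 - 10:03  (00:00)     192.0.2.10
oracle   ssh:notty    Sun May 26 10:04 - 10:04  (00:00)     198.51.100.7
root     ssh:notty    Sun May 26 10:05 - 10:05  (00:00)     2001:db8::5
root     ssh:notty    Sun May 26 10:06 - 10:06  (00:00)     2001:db8::5

btmp begins Wed May  1 00:00:01 2013
EOF
}

# Run on the sample with a low threshold.
# On a server, as root: lastb -ai | failed_by_ip 1000
sample_lastb | failed_by_ip 2
```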
