Growing ever concerned about attacks on SSH

impulse() · 09-10-2006, 06:07 PM

Over the past few weeks I noticed many failed logins from various IPs on Samba and SSHD. After advice given on here I was pointed towards DenyHosts which seemed to be doing its job correctly. I've checked my roots mail just and I see.

PHP Code:


			
Connections Denied:

    lib/access.c:check_access(328)  87.10.29.244 : 1 Time(s)

    lib/access.c:check_access(328)  87.10.84.135 : 1 Time(s)

    lib/access.c:check_access(328)  87.107.226.158 : 2 Time(s)

    lib/access.c:check_access(328)  87.110.74.5 : 3 Time(s)

    lib/access.c:check_access(328)  87.120.52.16 : 2 Time(s)

    lib/access.c:check_access(328)  87.123.100.35 : 5 Time(s)

    lib/access.c:check_access(328)  87.234.207.220 : 2 Time(s)

    lib/access.c:check_access(328)  87.24.216.19 : 2 Time(s)

    lib/access.c:check_access(328)  87.242.27.152 : 2 Time(s)

    lib/access.c:check_access(328)  87.243.150.66 : 2 Time(s)

    lib/access.c:check_access(328)  87.247.167.157 : 1 Time(s)

    lib/access.c:check_access(328)  87.3.131.207 : 1 Time(s)

    lib/access.c:check_access(328)  87.51.244.250 : 1 Time(s)

    lib/access.c:check_access(328)  87.53.254.231 : 1 Time(s)

    lib/access.c:check_access(328)  87.64.26.202 : 1 Time(s)

    lib/access.c:check_access(328)  87.7.177.206 : 2 Time(s)

    lib/access.c:check_access(328)  87.78.86.12 : 2 Time(s)

    lib/access.c:check_access(328)  87.8.144.98 : 2 Time(s)

    smbd/process.c:process_smb(1103) 87.10.29.244 : 1 Time(s)

    smbd/process.c:process_smb(1103) 87.10.84.135 : 1 Time(s)

    smbd/process.c:process_smb(1103) 87.107.226.158 : 2 Time(s)

    smbd/process.c:process_smb(1103) 87.110.74.5 : 3 Time(s)

    smbd/process.c:process_smb(1103) 87.120.52.16 : 2 Time(s)

    smbd/process.c:process_smb(1103) 87.123.100.35 : 5 Time(s)

    smbd/process.c:process_smb(1103) 87.234.207.220 : 2 Time(s)

    smbd/process.c:process_smb(1103) 87.24.216.19 : 2 Time(s)

    smbd/process.c:process_smb(1103) 87.242.27.152 : 2 Time(s)

    smbd/process.c:process_smb(1103) 87.243.150.66 : 2 Time(s)

    smbd/process.c:process_smb(1103) 87.247.167.157 : 1 Time(s)

    smbd/process.c:process_smb(1103) 87.3.131.207 : 1 Time(s)

    smbd/process.c:process_smb(1103) 87.51.244.250 : 1 Time(s)

    smbd/process.c:process_smb(1103) 87.53.254.231 : 1 Time(s)

    smbd/process.c:process_smb(1103) 87.64.26.202 : 1 Time(s)

    smbd/process.c:process_smb(1103) 87.7.177.206 : 2 Time(s)

    smbd/process.c:process_smb(1103) 87.78.86.12 : 2 Time(s)

    smbd/process.c:process_smb(1103) 87.8.144.98 : 2 Time(s)

But DenyHosts doesn't seem to have blocked any of the IPs. Is there any other cautions I can take to stop unwanted access besides DenyHosts?

Thanx in advance,

blackhole54 · 09-11-2006, 02:33 AM

I don't know what your exact requirements are, but I suggest considering (to the extent feasible) trying to block access at the firewall.

unSpawn · 09-11-2006, 03:34 AM

@impulse(): If you made certain DenyHosts didn't block those you probably made a mistake configuring it. If it has problems you can't fix it would be good to inform its developer or maintainer. Next read the sticky thread "Failed SSH login attempts" in this forum for an overview of other software with similar capabilities.

@blackhole54: spastic post button behaviour is a clientside problem. No software will ever be able to compensate for that. If you "think" the button does not respond please *wait* a minute or so.