Hi,
I have a small concern.
Lately there have been many attempts to compromise my Linux shell (and FTP storage) from all over the world by repeatedly trying different usernames and passwords. What I did was take, for instance, "58.1.248.201" and add the line:
ALL:58.
to /etc/hosts.deny. I decided to block the entire "block", because there are multiple IP addresses from the same network. I am behind a router and can close the port at any time, but I have a lot of schoolwork on this machine and access it from there and other places. So I added more like this and rebooted (just as an added extra precaution). Today that same IP(s) was found in my messages like so:
Code:
Mar 6 08:09:46 leo sshd[648]: Did not receive identification string from 58.1.248.201
Mar 6 05:53:10 leo sshd[587]: Failed password for root from 140.116.214.65 port 36688 ssh2
Here is where I got confused. I have a long list and this is the first time I've seen these addresses in the log after adding the IP(s) to hosts.deny. It is only these two; none of the others show up here. Please give me your feedback on this. I'm just an average Linux user, no expert (but would like to be one day). I "thought" I had this understood right but I'm missing something. Thanks for your input.
I am using Slackware 11.
For anybody else out there with a Linux box at home, I would highly advise (as always, but now more than ever) implementing a very strong password and closing any ports you aren't using with a router/firewall. I have a list of 100 to 200 attempts from about 50 different IP addresses ranging from China, India, U.S., France and more, and I'm just a slackish home user. Secure your information or it will be compromised! I'm on a cheap cable network though, which probably has a lot to do with it.
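An added example, not part of the original post: a small check of which source addresses in sshd log lines are covered by a hosts.deny entry, using the IPv4 subset of the hosts_access(5) client patterns (ALL, a prefix ending in ".", net/mask, literal address). It uses only the single entry and the two log lines quoted in the post; the poster's other entries are not shown, hostname patterns and /etc/hosts.allow are ignored, and the function names are hypothetical.

```python
import ipaddress
import re

HOSTS_DENY = "ALL:58.\n"  # the one entry quoted in the post
LOG_LINES = [             # the two log lines quoted in the post
    "Mar 6 08:09:46 leo sshd[648]: Did not receive identification string from 58.1.248.201",
    "Mar 6 05:53:10 leo sshd[587]: Failed password for root from 140.116.214.65 port 36688 ssh2",
]
LOG_RE = re.compile(r"(\w+)\[\d+\]: .*\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_rules(text):
    """Return (daemon_list, client_list) pairs from hosts.deny-style text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((re.split(r"[,\s]+", daemons.strip()),
                      re.split(r"[,\s]+", clients.strip())))
    return rules

def client_matches(pattern, ip):
    """IPv4 subset of the hosts_access(5) client patterns."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):   # "58." matches every address starting with "58."
        return ip.startswith(pattern)
    if "/" in pattern:          # net/mask form, e.g. 58.0.0.0/255.0.0.0
        try:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return pattern == ip        # literal address

def check_log(log_lines, deny_text):
    """Return (source_ip, matching_rule or None) for each log line naming a source."""
    rules = parse_rules(deny_text)
    results = []
    for daemon, ip in (m.groups() for m in map(LOG_RE.search, log_lines) if m):
        hit = next((f"{','.join(d)}:{','.join(c)}" for d, c in rules
                    if ("ALL" in d or daemon in d)
                    and any(client_matches(p, ip) for p in c)), None)
        results.append((ip, hit))
    return results

if __name__ == "__main__":
    for ip, rule in check_log(LOG_LINES, HOSTS_DENY):
        print(ip, "->", rule or "no matching hosts.deny entry")
```

To run it against a real system, pass the contents of /etc/hosts.deny and the lines of the messages log in place of the two embedded samples.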