Re: [vps-mail] Packet filter

["Look at SomethingCool.com" <look@xxxxxxxxxxxxxxxxx>]

On Tue, 2004-09-28 at 01:23, Wilson Pickett wrote:

> Is no one else on the list seeing these attempts frequently on VPS2?

Sure do, on all my Linux boxes, all my VPS1&2  boxes, all my FreeBSD
boxes I have scattered all over the Internet in different IP  blocks,
geographical locations, etc.  Heck, my dial-up IPCOP firewall at home
logs those attempts.  It's not too much different from all those
annoying scripts that script kiddies run on the Internet that looks for
cmd.exe on our *NIX servers.  Of course, you should have root login
disabled via SSH, for this not to be an issue.

The usual behavior is that when someone (or some script) inputs root as
the username, the system dumps them immediately before they even get to
a password prompt.

One idea how to combat this might be to write a script that gets the IP
address from these attempts and add them to the hosts.allow list to deny
further attempts.

To me, it's not really an issue.  Or should it be? 

-Tim

======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).