Thread: bad guys??
#8, 03-12-2006, 09:07 PM
andreychek (Special Member & Volunteer)

Quote:
Originally Posted by rmvg
I have a bunch of these in my logs. It is very late and I am very tired; thought I would throw up this post quick.
Yeah, as some other folks suggested, blocking those with firewall rules might leave you with a ton of firewall rules, as well as creating more work for yourself.

Might I recommend looking into pam_abl (abl == auto black list).

Basically, after PAM sees a certain number of failed login attempts from a certain host, it denies access to that host for a configurable amount of time.

For example, you can say that if a given host has 10 failed login attempts within an hour, block access for a day or two.

Some people bring up the fact that if you screw up, you could end up blocking yourself out of your box. Well, that may be true... though, in all my time on Linux, I'm not sure I've ever had 10 failed login attempts in an hour.

That said, there's another way around this....

You can set up port forwarding on an alternate port... perhaps 443 (assuming you have a second IP which Zimbra isn't using). You could port forward port 443 to port 22 on your server.... and in the pam_abl list, you can tell it to ignore certain hosts.

In this case, you'd tell it to ignore itself... the IP your port 443 was coming from. That way, you always have another way into your box, and scripts don't generally scan for ssh running on alternate ports.

Just a thought.

Have a good one,
-Eric

pam_abl: http://www.hexten.net/pam_abl/
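As an added example, not code from Eric's post or from the pam_abl project, here is what the policy he describes looks like in pam_abl's own configuration file. The thresholds are the ones from the post (10 failures within an hour); the database paths, the config file location and the exempted address 203.0.113.5 (a placeholder for the IP the port-443 forward arrives from) are assumptions, and the rule grammar is as I recall it from pam_abl.conf(5), so check it against the manual page shipped with the version you install.

```ini
# /etc/security/pam_abl.conf (assumed location; PAM is pointed at it with config=)
# Added example, not from the original post. Addresses and paths are placeholders.

# Where pam_abl keeps its failure records (assumed paths; create /var/lib/abl first).
host_db=/var/lib/abl/hosts.db
user_db=/var/lib/abl/users.db

# Drop a host's or user's recorded failures two days after they were logged.
host_purge=2d
user_purge=2d

# Deny any host that has 10 recorded failures inside the last hour,
# except the address the port-443 forward arrives from (placeholder).
# The "!" selector exempts that host, so it can never be auto-blocked:
# that is the "tell it to ignore certain hosts" escape hatch from the post.
host_rule=!203.0.113.5:10/1h

# Same threshold per user name, but never lock out root this way: otherwise
# a remote attacker can lock the real admin out on purpose with 10 bad passwords.
user_rule=!root:10/1h
```

Enable it by adding `auth required pam_abl.so config=/etc/security/pam_abl.conf` ahead of the `pam_unix.so` auth line in `/etc/pam.d/sshd` (or the shared `system-auth` stack), and make sure `sshd_config` has `UsePAM yes`, or pam_abl never sees the failures. One caveat on "block for a day or two": pam_abl has a single time window per trigger rather than separate detect and block durations. A host is denied for as long as it has at least N recorded failures inside that window, and every denied attempt is itself recorded, so a bot that keeps hammering stays blocked indefinitely, while a host that goes quiet is released once its failures age out of the window. If you want quiet hosts kept out for a day, widen the window (`10/1d`) rather than relying on `host_purge`. Newer pam_abl releases also add a dedicated `host_whitelist=` option and keep the databases under `db_home=` instead of `host_db=`/`user_db=`; the manual page for your version is authoritative.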