More SSH scanning countermeasures

This is to users to ssh to

Last year, I enabled countermeasures to help keep the SSH hack attempts against down to a minimum. We automatically block the IP address of systems trying to log in to and repeatedly failing.

The problems are getting worse; as such I’m making these changes: * Attempts to log in as a valid ID: unchanged; 10 attempts and you’re banned 15 minutes * Unknown accounts and daemon accounts: immediately blocked for 150 minutes If you log in from another account with a different account name, make sure that you always remember to specify your account name (correctly!) or the machine you are connecting from will be blocked for everything but the web server, for 150 minutes. If this regularly affects you, I *can* whitelist specific IP addresses to be immune to this behavior.

[permalink] · Announcements ·