Password scanning, countermeasures

Due to the amount of ssh account scanning (mostly from netblocks that appear to be from China, hundreds of attempts at night), as well as hearing that a local ISP is having his mail server similarly probed, I’m adding some countermeasures.

If you have too many login attempts (ssh, mail, webmail, whatever), the system will start blocking you on those ports for 15-20 minutes. The blocks will be removed automatically. When things are blocked, the only useful port you’ll find working is the regular web port - if you can reach it then the network is fine, just try logging in a bit later.
