I get emailed a daily report from my server from Logwatch. Occasionally we have users trying to brute force passwords on the server. I was just wondering if anyone fires off abuse desk complaints as a result of these attempts or just ignores them? I know many are just proxied through infected PCs but I am sure not all are.
I added this banner to SSHD some time back.
==========================================================
Warning - All Access is logged locally and remotely.
Unauthorized access is forbidden and will be prosecuted.
==========================================================
Not sure if it helps, but at least anyone who can read English and sees it will know we have explicitly said no trespassing. I also set up my gateway MikroTik router to watch all SSHD attempts to an unused IP on the router. If it sees 2 failed connection attempts in a 60 second window to an IP no one has any business on, it blocks that IP from my entire network (3 Class C's) for 28 days.
Matt
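The decoy-address rule described in the post (2 SSH attempts to an unused IP within 60 seconds, then a 28-day block), modelled as an added example that is not part of the original post and is not the poster's router configuration. The decoy address, the event format and the sample events are constructed assumptions, and the choice to ignore attempts from an already blocked source is also an assumption.

```python
from datetime import datetime, timedelta

DECOY_IP = "192.0.2.10"            # assumed unused address (documentation range)
SSH_PORT = 22
WINDOW = timedelta(seconds=60)     # from the post: 60 second window
THRESHOLD = 2                      # from the post: 2 attempts
BLOCK_FOR = timedelta(days=28)     # from the post: 28 day block

# Constructed sample events, one per line: timestamp source destination port
SAMPLE = """\
2024-01-01T00:00:05 203.0.113.7 192.0.2.10 22
2024-01-01T00:00:20 198.51.100.4 192.0.2.25 22
2024-01-01T00:00:40 203.0.113.7 192.0.2.10 22
2024-01-01T00:01:00 198.51.100.9 192.0.2.10 22
2024-01-01T00:03:00 198.51.100.9 192.0.2.10 22
2024-01-01T00:05:00 203.0.113.7 192.0.2.10 22
"""

def build_blocklist(lines):
    """Return {source_ip: block_expiry} after replaying the events in order."""
    recent = {}    # source -> timestamps of attempts still inside the window
    blocked = {}   # source -> time at which the block expires
    for line in lines:
        if not line.strip():
            continue
        ts_text, src, dst, port = line.split()
        ts = datetime.fromisoformat(ts_text)
        # Only traffic to the decoy counts; real hosts keep normal rules.
        if dst != DECOY_IP or int(port) != SSH_PORT:
            continue
        if src in blocked:
            if ts < blocked[src]:
                continue           # still blocked: the packet would be dropped
            del blocked[src]       # block has expired, start counting again
        hits = [t for t in recent.get(src, []) if ts - t < WINDOW]
        hits.append(ts)
        recent[src] = hits
        if len(hits) >= THRESHOLD:
            blocked[src] = ts + BLOCK_FOR
            del recent[src]
    return blocked

def is_blocked(blocklist, src, when):
    """True if src has an unexpired block at time `when`."""
    return src in blocklist and when < blocklist[src]

if __name__ == "__main__":
    for ip, expiry in build_blocklist(SAMPLE.splitlines()).items():
        print(ip, "blocked until", expiry.isoformat())
```

Because nothing legitimate should ever contact the decoy address, the low threshold does not risk locking out real users the way the same rule would on a production SSH host.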