Wurm
07-17-2005, 01:22 AM
Is this possible? I've got a machine with SSH open to the world and I fairly regularly get
...
Jul 14 14:52:28 localhost sshd[9303]: Invalid user balin from ::ffff:67.106.10.101
Jul 14 14:52:30 localhost sshd[9305]: Invalid user balk from ::ffff:67.106.10.101
Jul 14 14:52:31 localhost sshd[9307]: Invalid user ball from ::ffff:67.106.10.101
Jul 14 14:52:32 localhost sshd[9309]: Invalid user bulk from ::ffff:67.106.10.101
...
in my /var/log/auth.log. Is there a way (script, program) to dynamically add the appropriate IP to iptables and have it drop the connections?
Running Kubuntu 5.04, also used Webmin to setup initial iptables rules as I had no idea how to do that (if it matters).
...
Jul 14 14:52:28 localhost sshd[9303]: Invalid user balin from ::ffff:67.106.10.101
Jul 14 14:52:30 localhost sshd[9305]: Invalid user balk from ::ffff:67.106.10.101
Jul 14 14:52:31 localhost sshd[9307]: Invalid user ball from ::ffff:67.106.10.101
Jul 14 14:52:32 localhost sshd[9309]: Invalid user bulk from ::ffff:67.106.10.101
...
in my /var/log/auth.log. Is there a way (script, program) to dynamically add the appropriate IP to iptables and have it drop the connections?
Running Kubuntu 5.04, also used Webmin to setup initial iptables rules as I had no idea how to do that (if it matters).