Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I'm too lazy and too stupid to put in denyhosts or any of the other anti-guessing software, but I have put in a 7-second delay on password-authenticated SSH logins, as per http://www.aerospacesoftware.com/howtos/ssh-kiddies.html That makes my sshd less a honeypot and more a tarpit.

I also put in an output line so I can see what passwords they're guessing.



FWIW, denyhosts and mod-security don't seem to require any real additional configuration beyond just installing them on Ubuntu 10.10 (and copying the example config for mod-security from /usr/share/doc/mod-security-common/examples).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: