Blocking Brute Force Attacks - cleartext and weak ciphers
I'm curious how others handle the flurry of messages in the secure log concerning remote IPs that band on SSH using either cleartext or weak ciphers. Just this morning, I had a remote IP try to connect about 1,500 times in a little over an hour. Roughly 20% of my log file lines have to do with this issue. I would like to be able to ban IPs after they reach a threshold. I'm thinking of installing fail2ban to deal with this issue, but I am curious to hear what everyone has to say.
Thanks,
-
Hello, Do you have SSH running on a custom port and still receive these brute force attempts? There's a guide here that may also interest you: [Tutorial] Interested in increasing the security of your server? Read this. (sshd hardening) Thank you. 0
Please sign in to leave a comment.
Comments
1 comment