Should probably implement something like this -- Regards, Olav
--- Begin Message ---
- From: Lance Albertson <lance osuosl org>
- To: hosting osuosl org
- Subject: [Hosting] denyhosts recommendation
- Date: Wed, 15 Jul 2009 11:19:01 -0500
Last night most of our network were scanned and nearly DoS'd by an ssh worm and caused many hosts to have their sshd to timeout. I noticed that none of the OSL managed hosts were affected by the worm and concluded that most of you aren't running denyhosts [1]. I _highly_ recommend that all of you consider installing denyhosts or something similar to mitigate the constant ssh worms that roam the internet. For most situations, simply installing it and starting the daemon will do the job. It just scans the system ssh log for failed attempts and adds them to hosts.deny. But I do recommend you at least check out the config file to see if you want to adjust any settings. Please let me know if you have any questions! Thanks- [1] http://denyhosts.sourceforge.net/ -- Lance Albertson lance <at> osuosl.org Systems Administrator / Architect Open Source Lab Network Services Oregon State University Work: 541-737-9975 PGP Key: 0x27F4B742 GPG Fingerprint 0423 92F3 544A 1282 5AB1 4D07 416F A15D 27F4 B742Attachment: signature.asc
Description: OpenPGP digital signature_______________________________________________ Hosting mailing list Hosting osuosl org http://lists.osuosl.org/mailman/listinfo/hosting
--- End Message ---