What would you do? Brute Force Warnings

Posted: Thu Jun 22, 2006 1:36 pm

Last week I switched from a shared hosting account to a VPS. (Great, eh! Pay more money and have more work to do and another learning curve to scale! <rolling eyes>)

Anyways, one of the things I've been wondering is about Brute Force Warnings. I'm getting them an average of a few times a day. No one is getting in and the IP is getting banned after x attempts, so that's all good. But what I'd like to know is how others deal with this. And where is the linux config file that directs the number of attempts before banning? In one of the warnings my system didn't ban the IP until 100+ attempts. This attempt number is all over the place. Seems like 10 should be sufficient.

Attempts vary from 100 tries at root/password and then every user name in the male gender name book. lol

I've changed my password to something as difficult I as I can imagine.

I whois on the IP and wonder what to do next....
Send off an irate email with log copies.
or Send off log copies only.
or As long as nothing was broken, no worries, it happens too frequently to get upset about.

Being that all this is a hobby and I'd rather spend my time with php/mysql over Cron anyday, all comments and ideas are welcome.

As always, if you can find the time, have a happy nuking day.

Sells PC To Pay For Divorce Joined: Posts: 5661

mmm,not many high hopes on that CodyG..
there isnt much you can do in simple actions but you could take a step higher with this...
but raven is most qualified in answering this but here's my 10 cents..
[ Only registered users can see links on this board! Get registered or login! ]

Site Admin Joined: Jun 04, 2004 Posts: 6432

Nice link. It would be great if you could monetize that in some way... Guardian2003 found a nice way to make some $ from script-kiddie attackers:
[ Only registered users can see links on this board! Get registered or login! ]

WIth a little modification, this could probably be used for other purposes...