Comment Re:Highly annoying (Score 1) 360
I've been running it thru cron at rather short intervals for 6 months now, and dropped 340 ips into hosts.deny.
One possible improvement -- have your script run whenever there's an ssh login:
hosts.allow
-----------
sshd: ALL EXCEPT /etc/ssh/sshd_deny_list \
: spawn (/etc/cron.d/check_for_ssh_scans) & \
: ALLOW
Where the script "check_for_ssh_scans" adds any offending IPs it finds to /etc/ssh/sshd_deny_list.
One possible improvement -- have your script run whenever there's an ssh login:
hosts.allow
-----------
sshd: ALL EXCEPT
: spawn (/etc/cron.d/check_for_ssh_scans) & \
: ALLOW
Where the script "check_for_ssh_scans" adds any offending IPs it finds to