Menu
▾
▴
Re: [Sshguard-users] blacklisting IPs that are whitelisted
|
From: Kevin Z. <kev...@gm...> - 2015-07-23 23:47:58
|
On 07/24/2015 02:53, @lbutlr wrote: > If there were a reliable way to block all of russia and china, that > would be great. Heck, other than a few connections from Western > Europe and Africa I could safely block the rest of the world. Here's a list of CIDR blocks by country: http://www.ipdeny.com/ipblocks/ You don't need SSHGuard to block these. > I would like to tune the behavior a bit (for example, attempts to ssh > as root should count for like 21 so that two attempts result in a > blacklist. (since I do not allow ssh access to the root account). This idea was thrown around on the mailing list a short while ago, but I haven't gotten around to start looking at it, yet. Most of the changes probably involve updating the lexer/parser to spit out the username (if available), but this is not as trivial as it sounds. Best, Kevin Zheng -- Kevin Zheng kev...@gm... | ke...@kd... | PGP: 0xC22E1090 |
