[ previous ] [ next ] [ threads ]
 From:  Steve Yates <steve at teamITS dot com>
 To:  Peter at iwebsl dot com
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] loadable block lists
 Date:  Tue, 13 Sep 2005 09:36:55 -0500
On Tue, 13 Sep 2005 09:15:13 -0400
Peter <peter at iwebsl dot com> wrote:

> I run a web site that is continually under attack by script kiddies with password hurlers.

	Is this SSH/telnet?  See http://www.teamITS.com/resources/ for
one idea.  In our experience these attacks probably run from zombie PCs
since they don't seem to repeat very often, if at all.  Once an IP is
blocked and can't connect it moves on and doesn't try again.  You could
adapt the idea if you are using web authentication, to save the
connecting IP via your authentication script and programmatically add
your /etc/hosts entries for port 80.

 - Steve Yates
 - ITS, Inc.
 - Nightmare: Cat with opposable thumbs.

~ Taglines by Taglinator 4 - www.srtware.com ~