Using other blacklists for host blocking?
Gregg Lain
gregg at mochabomb.com
Mon Dec 1 10:03:51 GMT 2008
Ever tried denyhosts? It also has a feature where other denyhosts boxes
feed a central DB of failures - and those common entries are updated
hourly in /etc/hosts.deny - worked well to block out those mismanaged
boxes.

Also, I suggest moving the ssh port - I moved mine to a port above 1500
and it's been over 16 months and still not one hit yet. It's in the
middle of a range protected by portsentry - I am sure if some hacker
tried to they could find the port, but they have not yet.

Also junkemailfilter.com
( http://www.junkemailfilter.com/spam/how_it_works.html )
is a very good read - implemented the fake MX records and spam dropped
to near nil. In fact when I broke my perl install by using both rpm and
cpan, ran for 2 months on one install w/o mailscanner and barely any
spam...

/Gregg
Garry wrote:
> Seeing the rising amount of failed SSH attempts to several of the boxes
> I have, I was wondering ... has anyone here tried to use some other
> blacklists to block incoming MTA access?
>
> Assuming that a large amount of spam is delivered through botnets, which
> may also be used for other types of attacks, using data from one attack
> vector might be helpful in taking care of other things, too ...
> especially as things like failed SSH connections are more objective than
> deciding whether a mail is spam or not ...
>
> Any comments?
>
> -garry
>
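
The idea raised in this thread (reusing SSH-failure data to block MTA clients), as an added example that is not part of the original messages: it reads sshd entries from text in hosts.deny syntax and emits a client access table. The "address action" output format (as used by Postfix-style access maps), the function names and the sample data are assumptions; the thread names no MTA.

```python
import ipaddress
import re

# Constructed sample in hosts.deny syntax (documentation-range addresses).
SAMPLE_HOSTS_DENY = """\
# added 2008-12-01 | sshd: 192.0.2.99
sshd: 192.0.2.15
sshd: 198.51.100.7
ALL: 203.0.113.9
sshd: 198.51.100.7
sshd: badhost.example.net
vsftpd: 192.0.2.200
"""

def denied_ips(text, daemons=("sshd", "ALL")):
    """Return unique IP addresses denied for the given daemons, in file order."""
    seen, result = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        daemon_part, sep, client_part = line.partition(":")
        if not sep:
            continue                                  # blank or malformed line
        listed = set(re.split(r"[\s,]+", daemon_part.strip()))
        if not listed & set(daemons):
            continue                                  # entry for another service
        for token in re.split(r"[\s,]+", client_part.strip()):
            try:
                ip = ipaddress.ip_address(token.strip("[]"))
            except ValueError:
                continue  # hostnames, wildcards, options: an IP map cannot use them
            if ip not in seen:
                seen.add(ip)
                result.append(ip)
    return result

def access_table(ips, action="REJECT listed for repeated SSH login failures"):
    """Render one 'address action' line per IP (assumed access-map format)."""
    return "".join(f"{ip} {action}\n" for ip in ips)

if __name__ == "__main__":
    print(access_table(denied_ips(SAMPLE_HOSTS_DENY)), end="")
```

Hostname entries and entries for other services are skipped on purpose, so only addresses that actually failed SSH logins reach the mail-side block list.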