Using other blacklists for host blocking?

Gregg Lain gregg at mochabomb.com
Mon Dec 1 10:03:51 GMT 2008


Ever tried denyhosts?  It also has a feature where other denyhosts boxes
feed a central DB of failures - and those common entries are updated
hourly in /etc/hosts.deny - worked well to block out those mismanaged
boxes.

Also, I suggest moving the ssh port - I moved mine to a port above 1500
and been over 16 months and still not one hit yet.  It's in the middle of
a range protected by portsentry - I am sure if some hacker tried to
they could find the port, but they have not yet..

Also junkemailfilter.com
( http://www.junkemailfilter.com/spam/how_it_works.html )
is a very good read - implemented the fake MX records
and spam dropped to near nil.. In fact when I broke my perl install by
using both rpm and cpan, ran for 2 months on one install w/o mailscanner
and barely any spam...

/Gregg

Garry wrote:
> Seeing the rising amount of failed SSH attempts to several of the boxes
> I have, I was wondering ... has anyone here tried to use some other
> blacklists to block incoming MTA access?
>
> Assuming that a large amount of spam is delivered through botnets, which
> may also be used for other types of attacks, using data from one attack
> vector might be helpful in taking care of other things, too ...
> especially as things like failed SSH connections are more objective than
> deciding whether a mail is spam or not ...
>
> Any comments?
>
> -garry
>   
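
The idea discussed in this thread (failed SSH logins feeding /etc/hosts.deny, combined with a list shared by other hosts), as an added example that is not part of the original post and is not DenyHosts code. The function names, the shared_feed and allow parameters, the threshold and the sample log lines are assumptions made up for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd log (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Dec  1 09:58:01 mx1 sshd[4121]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec  1 09:58:03 mx1 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Dec  1 09:58:05 mx1 sshd[4121]: Failed password for invalid user test from 203.0.113.7 port 40114 ssh2
Dec  1 09:59:10 mx1 sshd[4130]: Failed password for gregg from 192.0.2.10 port 51000 ssh2
Dec  1 09:59:30 mx1 sshd[4130]: Accepted password for gregg from 192.0.2.10 port 51001 ssh2
Dec  1 10:00:00 mx1 sshd[4140]: Failed password for invalid user x from 192.0.2.10 port 22 ssh2 from 198.51.100.23 port 2200 ssh2
"""

# Greedy ".*" plus the "$" anchor take the address from the END of the line,
# which sshd writes itself; text inside the user name cannot pick the address.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$")

def _ipv4(text):
    """Return a normalised IPv4 string, or None (IPv6 is out of scope here)."""
    try:
        return str(ipaddress.IPv4Address(text.strip()))
    except ValueError:
        return None

def failed_counts(log_text):
    """Count failed SSH password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        ip = _ipv4(m.group(1)) if m else None
        if ip:
            counts[ip] += 1
    return counts

def deny_lines(log_text, shared_feed=(), allow=(), threshold=3, service="ALL"):
    """Build hosts.deny lines from local offenders plus a shared feed.

    service="ALL" covers every TCP-wrappers-aware daemon (an MTA only if it
    was built with libwrap); allow-listed addresses are never emitted.
    """
    local = {ip for ip, n in failed_counts(log_text).items() if n >= threshold}
    feed = {ip for ip in map(_ipv4, shared_feed) if ip}
    blocked = (local | feed) - {ip for ip in map(_ipv4, allow) if ip}
    ordered = sorted(blocked, key=lambda ip: int(ipaddress.IPv4Address(ip)))
    return [f"{service}: {ip}" for ip in ordered]
```

The allow list is what keeps a mistyped password from your own address, or a bad entry in the shared list, from locking you out of the box.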