For the past 2 days out of 3 that I had SSH set up (Just reinstalled Debian), I kept getting like 30 connections at a time from Chinese IP Addresses (118.122.37.197 and 219.136.246.22) trying to get into my root account. Of course they never succeeded (as I disabled root login when I first set up ssh). I was wondering if I could block all connections from China.
I already set up two rules in iptables that automatically drops all connections from those IP addresses, but I dont want any more connection attempts clogging up my /var/log/auth.log file (Running Debian Squeeze, and that's how I found out about these unfortunate connections).
I was thinking maybe automatically permanently blocking any ip that has ten consecutive ssh login fails, or a reverse-ip lookup of all ssh connections. Is there any way to accomplish this?
My apologies to anybody that may take offense to this (as I want to block off an entire country from my computer), but at first I was laughing my butt off, but now that this has happened a second time the joke has gotten old and I want it to stop.
[link] [25 comments]