cPHulk and botnet

**Esky** · 06-21-2010 04:03 AM

For a few days now tons of IP's have been trying to gain access to our servers via ssh, so I suspect a botnet. every morning my mailbox is filled with hundreds of mails per server from cPHulk saying it banned IP's.

What I'm wondering is if there is a way to stop or prevent this kind of botnet attacks.

**TSJaysonG** · 06-21-2010 05:18 PM

You could use tcpwrappers to protect the SSHd service and only allow certain IPs access. This would prevent them from being able to even authenticate to the server and would just discard their connection.

You could also change the SSH port to a different port.

Other than that you would need some sort of network firewall to filter the connections out at the network level before it reaches the server.

**jerrybell** · 06-24-2010 04:27 PM

I am having this problem as well. I implemented ssh guard (Sshguard), which updates the firewall rules as brute force attacks are identified. It works quite well.

LinkBack

Thread Tools

cPHulk and botnet

CPHulk locked me out

My server is under SYN and/or botnet, how can I prevent this attack?

Cphulk.

cphulk

cphulk configuration