Kris Jurka wrote:
>
>
> On Wed, 26 Nov 2008, Dave Page wrote:
>
>>
>> It's the same IP address - but try port 35 for ssh. Marc changed it
>> (temporarily) due to a vast number of malicious connection attempts.
>>
>
> Why wasn't this change communicated to anyone, not even gforge-admins?
> How temporary is temporary?
>
> Kris Jurka
>
I can't speak to the administrative and communications aspects, but
based on my experience, I can recommend communicating to the appropriate
users and making the change permanent.
I have changed the external ssh port on all machines I administer. The
result is the complete elimination of the previous hundreds to thousands
of daily script-kiddie brute-force attempts I used to see.
Obscurity should not be your *only* line of defense, but camouflage
helps as well. And even if it didn't, it still reduces server-load,
bandwidth and heaps of logfile cruft.
Cheers,
Steve
