if you have many of these in your log:
Nov 8 13:55:47 www sshd[12571]: Failed password for invalid user webmaster from 189.180.184.89 port 47706 ssh2
you can use iptables to stop them for a while, so their brute force will take years to succeed, if ever.
I added some rules so that only 5 connections can be made in a minute to ssh, if one more is attempted the
host will be banned for 2 minutes, if more connections are retried, the ban is extended. since the bots can’t
help themselves they wont’ stop, so they’ll be banned for a real while 🙂
iptables -N SSH_WHITELIST iptables -A SSH_WHITELIST -s 175.161.21.55 -m recent --remove --name SSH -j ACCEPT iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name SSH -j ULOG --ulog-prefix SSH_brute_force iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 120 --hitcount 6 --rttl --name SSH -j DROP