We get them by the shedload on our work hosting server. We run CPHulk on there to keep
them out. I'd suggest implementing some kind of 'block IP for 24 hrs after x
failed logins' scheme if you can. That usually forces them to move on.
On 26 Nov 2013 22:32, "Sampsa Laine" <sampsa at mac.com> wrote:
Am I the only one who's almost constantly being hit by login scans (usually from China
or weird places like Kazakhstan - sorry Oleg) on their Internet facing Telnet/SSH ports?
It's not like they get in or anything, my guess is that this is just part of a larger
scan so if you guys are getting hit as well, I won't worry that I'm being targeted
:)
sampsa <sampsa at mac.com>
mobile +44 7961 149465