On Sep 22, 2019, at 11:29 PM, Plutocrat <plutocrat@gmail.com> wrote:
This is probably quite an easy question, but I haven't been able to find the answer. I'm running a server where all the email addresses are in the format "user@domain.com". I've noticed that a large number of fake login attempts use the format "user" eg. reception, service, root, admin.
Is it possible to prevent any such logins to these email users without an @domain.com?
Are users able to login without the @domain part?
Or maybe ignore them. Or drop them from the logging.
As Bernd said, fail2ban will ban these Its from repeatedly trying to login, but they will still be logged.
There is also sshguard that will do the same thing.
One of these should probably be running anyway as they help mitigate issues where someone keep hammering on your system, however in the days of DDOS, they are less helpful than they used to be.
-- MEGAHAL: within my penguin lies a torrid story of hate and love.