Under Brute Force Attacks


am-fs
10-20-2009, 11:41 AM
My Host says I'm under a Brute Force SSH Attack.

They told me to set up a firewall [iptables].

Problem is I never used SSH and have no clue on the settings.

I have had my VB site since 05 and never had any problems with attacks.

So now it is time to learn SSH.

When setting up SSH, what Bin should be used on the server? ( See Attachment )

Does this code look right:

iptables -N SSH_CHECK

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK

iptables -A SSH_CHECK -m recent --set --name SSH

iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP

Also, are there any other instructions after using the above code?

Like rebooting the server, etc.?

Thanks
Am-fs

Angel-Wings
10-20-2009, 02:41 PM
Just disable Password Authentication and switch to Pubkey authentication to get rid of this

am-fs
10-20-2009, 03:50 PM
Thanks for the response Angel-Wings

Is this what you're talking about?
http://wiki.joyent.com/accelerators:kb:ssh:public-key-only

I have no experience with ssh so if you have a link that would be great.

am-fs

snakes1100
10-20-2009, 11:20 PM
nano /etc/hosts.allow

add this in the file and save the file (add a backup IP so you don't have to call your host):
sshd:xx.xx.xx.xx, xx.xx.xx.xx, xx.xx.xx.xx

nano /etc/hosts.deny

add this to the file and save:
sshd:ALL

This will stop ssh from answering to anyone except the IPs you list in hosts.allow

You can also change the port ssh answers on. This file depends on the OS you're running, I'll assume centcrapOS
nano /etc/ssh/sshd_config

Change this:
# What ports, IPs and protocols we listen for
Port 22 to port 2200 or 2222 etc. and save the file.

/etc/rc.d/init.d/sshd restart (You can restart it even when you're logged in)
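
Added example, not posted by anyone in this thread: a small audit of the sshd_config changes suggested above (password logins off, pubkey on, non-default Port). It relies on sshd using the first value it reads for a keyword and on Port being repeatable; the function names and the sample config are made up for illustration, and Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: report the effective global settings of an sshd_config file.
# sshd keeps the FIRST value it reads for a keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".

# sshd_get FILE KEYWORD DEFAULT -> prints the effective global value
sshd_get() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0   { next }   # skip comments and blank lines
        tolower($1) == "match"  { exit }   # Match blocks are conditional: stop here
        tolower($1) == key      { print $2; found = 1; exit }   # first value wins
        END { if (!found) print def }
    ' "$1"
}

# sshd_ports FILE -> comma-separated global Port values (Port may repeat), default 22
sshd_ports() {
    awk '
        /^[ \t]*#/ || NF == 0   { next }
        tolower($1) == "match"  { exit }
        tolower($1) == "port"   { printf "%s%s", sep, $2; sep = ","; n++ }
        END { if (!n) printf "22"; print "" }
    ' "$1"
}

# sshd_audit FILE -> prints a summary; returns non-zero if passwords are still accepted
sshd_audit() {
    pw=$(sshd_get "$1" PasswordAuthentication yes)   # OpenSSH default: yes
    pk=$(sshd_get "$1" PubkeyAuthentication yes)     # OpenSSH default: yes
    echo "ports=$(sshd_ports "$1") password=$pw pubkey=$pk"
    [ "$pw" = "no" ] && [ "$pk" = "yes" ]
}

# Demo on a constructed config (sample data, not from the thread)
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
Port 2222
#PasswordAuthentication no
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
sshd_audit "$cfg" || echo "password logins still accepted: brute force remains possible"
rm -f "$cfg"
```

On a live server, `sshd -t` checks the edited file for errors before the restart. Keep the current session open and test a new login in a second one so a mistake does not lock you out.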