
My server 'serena' is being attacked once a second for 8-hour blocks. The auth.log extract is below:
Oct 2 10:48:03 serena sshd[19908]: Invalid user test from 85.214.90.79
Oct 2 10:48:03 serena sshd[19911]: Invalid user admin from 85.214.90.79
Oct 2 10:48:04 serena sshd[19913]: Invalid user guest from 85.214.90.79
Oct 2 10:48:06 serena sshd[19917]: Invalid user webmaster from 85.214.90.79
Oct 2 10:48:07 serena sshd[19919]: Invalid user testing from 85.214.90.79
Oct 2 10:48:08 serena sshd[19921]: Invalid user tester from 85.214.90.79
Oct 2 10:48:10 serena sshd[19927]: Invalid user EDI from 85.214.90.79
Oct 2 10:48:11 serena sshd[19929]: Invalid user EDI from 85.214.90.79
Oct 2 10:48:12 serena sshd[19931]: Invalid user EDI from 85.214.90.79
Oct 2 10:48:12 serena sshd[19933]: Invalid user webpage from 85.214.90.79
Oct 2 10:48:13 serena sshd[19935]: Invalid user genesis from 85.214.90.79
Oct 2 10:48:14 serena sshd[19937]: Invalid user qw from 85.214.90.79
Oct 2

2007-10-02 08:26:20 · 4 answers · asked by 'Dr Greene' 7 in Computers & Internet Security

4 answers

Assuming you are using Linux, you can install a plug-in module for SSH called PAM abl (auto blacklist).
It basically keeps track of the incoming authentication by running its own little DB, and you configure the rules.

Refer to the URLs.

2007-10-02 08:49:49 · answer #1 · answered by kaic123 2 · 0 0

This IP address comes from Germany, unless it was spoofed, and that is doubtful. Most likely a script kiddie. Here is the email address where you can report the hacking: abuse@strato.de. This was found while doing a Whois query on the IP address listed in your logs. Set your server up so that after a certain number of failed login attempts from the same IP address, that IP address will be locked out from trying for a while. This will keep a hacker from using a brute-force program against your server.

2007-10-02 16:36:00 · answer #2 · answered by dilbert03743 4 · 0 1
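The lockout rule suggested in answer #2, sketched as an added example that is not part of the original thread: it scans auth.log lines in the format quoted in the question and reports each source IP that reaches a failure threshold inside a sliding time window. The threshold of 5, the 60-second window, the function name and the two 192.0.2.10 lines are assumptions made for illustration; the year is supplied because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The 85.214.90.79 lines come from the question's auth.log extract; the two
# 192.0.2.10 lines are constructed for contrast (one stray failure, one login).
SAMPLE_LOG = """\
Oct 2 10:48:03 serena sshd[19908]: Invalid user test from 85.214.90.79
Oct 2 10:48:03 serena sshd[19911]: Invalid user admin from 85.214.90.79
Oct 2 10:48:04 serena sshd[19913]: Invalid user guest from 85.214.90.79
Oct 2 10:48:05 serena sshd[19915]: Invalid user bob from 192.0.2.10
Oct 2 10:48:06 serena sshd[19917]: Invalid user webmaster from 85.214.90.79
Oct 2 10:48:07 serena sshd[19919]: Invalid user testing from 85.214.90.79
Oct 2 10:48:08 serena sshd[19921]: Invalid user tester from 85.214.90.79
Oct 2 10:49:30 serena sshd[19950]: Accepted password for bob from 192.0.2.10 port 50022 ssh2
"""

# Matches only sshd "Invalid user ... from <ip>" lines; everything else is skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>\S*) from (?P<ip>\S+)"
)

def find_offenders(log_text, threshold=5, window=timedelta(seconds=60), year=2007):
    """Return {ip: time the threshold was first reached within the window}."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(when)
        # Drop failures that have aged out of the sliding window.
        while when - hits[0] > window:
            hits.popleft()
        if len(hits) >= threshold:
            offenders.setdefault(m["ip"], when)
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the failure threshold at {when}; candidate for a temporary block")
```

The sliding window is what separates a once-a-second scan from a user who mistypes a name a few times over a day; a real deployment would hand the flagged addresses to a firewall rule or a tool such as the PAM module named in answer #1.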

You should be able to block the IP address from making any further web page requests through the administration tools of your server.

2007-10-02 15:42:36 · answer #3 · answered by Dave 2 · 0 1

This may help: http://www.webhostgear.com/240.html

2007-10-02 15:42:57 · answer #4 · answered by captain3249 6 · 0 0
