an OpenSSH service open to the Internet is naturally subject to intrusion attempts.
Artica can be equipped with CrowdSec, a tool dedicated to responding to brute-force attacks, but there is a simpler method.This feature is available with Artica v4.50 Service Pack1 or Artica v4.50 HotFix 20240211
- When too many authentication attempts fail on the OpenSSH server, it complains that an address is sending too many authentication requests.
- By default, Artica only reports the attack, but you can make Artica react immediately.
This will authorize Artica to create a firewall deny rule for the source IP address during 4 hours. - On
Your Server > OpenSSH server, click onFireWall protectionlink. - Turn on the feature.
- Artica's reports will change and will be associated with the term
[BLOCK], indicating that the address is blocked for 4 hours.
