Codebase ya OpenSSH yawonjezera chitetezo chodzitchinjiriza motsutsana ndi kulosera zachinsinsi, pomwe bots amayesa kulosera achinsinsi a wogwiritsa ntchito poyesa kuphatikiza kosiyanasiyana. Kuti aletse kuukira kotereku, parameter ya PerSourcePenalties yawonjezeredwa ku fayilo ya sshd_config kasinthidwe, yomwe imakulolani kufotokozera kutsekera komwe kumayambitsidwa pamene pali chiwerengero chachikulu cha kuyesa kosatheka kugwirizanitsa kuchokera ku adilesi yomweyo ya IP. Njira yatsopano yachitetezo idzaphatikizidwa ndikutulutsidwa kotsatira kwa OpenSSH ndipo idzathandizidwa mwachisawawa mu OpenBSD 7.6.
Chitetezo chikayatsidwa, njira ya sshd imayamba kuyang'anira kutha kwa njira za ana, kuzindikira zochitika pamene kutsimikizika kwalephera kapena pamene njirayo inathetsedwa molakwika chifukwa chakulephera. Kulephera kwakukulu kwa kutsimikizika kumawonetsa kuyesa kulosera mawu achinsinsi, ndipo kuwonongeka kungasonyeze kuyesa kugwiritsa ntchito zofooka mu sshd.
The PerSourcePenalties parameter imatchulanso gawo lochepera la zochitika zachilendo, pambuyo podutsa pomwe adilesi ya IP yomwe zokayikitsa zajambulidwa idzatsekedwa. Pogwiritsa ntchito PerSourceNetBlockSize parameter, mutha kufotokozeranso chigoba cha subnet kuti mutseke subnet yonse yomwe ili ndi vuto la IP.
Kuti mulepheretse kutsekereza kwa ma subnets amtundu uliwonse, gawo la PerSourcePenaltyExemptList laperekedwa, lomwe lingakhale lothandiza pamikhalidwe yomwe imayambitsa zolakwika, mwachitsanzo, seva ya SSH ikapezeka kuchokera pa intaneti yayikulu, zopempha kuchokera kwa ogwiritsa ntchito osiyanasiyana omwe amachokera ku IP yomweyo. chifukwa chogwiritsa ntchito ma adilesi kapena ma proxies omasulira.
Source: opennet.ru
