On Saturday 14 November 2009 23:49:23 Richard Marza wrote:
> I recently checked my log files and discovered that there was a dictionary
> attack attempt on my daemons. sshd and vsftpd were the primary targets. Is
> there a script or tool to block the offending IP addresses using iptables?
> Something that checks to see if a minimum of attempts has occurred and
> blocks them indefinitely based on that?

There are HUNDREDS of such solutions out there. Did you even try to Google
first?

fail2ban & denyhosts are quite popular and get the job done.

OSSEC is a full-blown IDS that I use at work, it functions very well but is
probably overkill for your needs.

Last hint: You do NOT want to block hosts permanently. Your logs will empty
sure enough, but sooner or later you will lock yourself out, or you will lock
out people you really do want to access your services.

--
alan dot mckinnon at gmail dot com
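
An added example, not part of the original e-mail and not code from fail2ban or denyhosts: a sketch of the threshold-plus-expiry logic the reply recommends, counting failed sshd and vsftpd logins per address inside a time window and issuing a ban that ends on its own. The thresholds, the allowlisted address and the sample log lines are assumptions constructed for illustration; the firewall action itself is left out.

```python
import re
from collections import defaultdict, deque

# Failed-login patterns for sshd (syslog) and vsftpd (vsftpd.log).
PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\d+(?:\.\d+){3})"),
    re.compile(r'\[\S+\] FAIL LOGIN: Client "(\d+(?:\.\d+){3})"'),
]
MAX_RETRY = 3                  # assumed: failures needed to trigger a ban
FIND_TIME = 600                # assumed: window for those failures, in seconds
BAN_TIME = 3600                # assumed: ban length in seconds; it always expires
ALLOWLIST = {"198.51.100.10"}  # assumed admin address that is never banned

def plan_bans(events):
    """events: (epoch_seconds, log_line) pairs in time order.
    Returns {ip: (ban_start, ban_end)} with the latest ban per address."""
    recent = defaultdict(deque)
    bans = {}
    for ts, line in events:
        ip = next((m.group(1) for p in PATTERNS if (m := p.search(line))), None)
        if ip is None or ip in ALLOWLIST:
            continue
        if ip in bans and ts < bans[ip][1]:
            continue                      # still banned, nothing new to decide
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > FIND_TIME:
            q.popleft()                   # forget failures outside the window
        if len(q) >= MAX_RETRY:
            bans[ip] = (ts, ts + BAN_TIME)
            q.clear()
    return bans

def active_bans(bans, now):
    """Addresses whose ban is in force at time `now` (end is exclusive)."""
    return sorted(ip for ip, (start, end) in bans.items() if start <= now < end)

# Constructed sample input: timestamps are seconds since an arbitrary start.
SAMPLE = [
    (0, "Nov 14 21:00:00 host sshd[811]: Failed password for root from 203.0.113.7 port 4021 ssh2"),
    (5, "Nov 14 21:00:05 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2"),
    (9, 'Sat Nov 14 21:00:09 2009 [pid 2] [admin] FAIL LOGIN: Client "203.0.113.7"'),
    *[(20 + i, "Nov 14 21:00:2%d host sshd[812]: Failed password for ops from 198.51.100.10 port 5000 ssh2" % i)
      for i in range(3)],
    (30, "Nov 14 21:00:30 host sshd[813]: Failed password for bob from 192.0.2.44 port 6000 ssh2"),
    (900, "Nov 14 21:15:00 host sshd[814]: Failed password for bob from 192.0.2.44 port 6001 ssh2"),
]
```

The allowlisted address fails three times and is still never banned, and the two failures from 192.0.2.44 are too far apart to count together.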