| 1 |
----- Original Message ----- |
| 2 |
From: "Alan McKinnon" <alan.mckinnon@×××××.com> |
| 3 |
To: <gentoo-user@l.g.o> |
| 4 |
Sent: Saturday, November 14, 2009 5:42 PM |
| 5 |
Subject: Re: [gentoo-user] Blocking login attempts to sshd and vsftpd |
| 6 |
|
| 7 |
|
| 8 |
> On Saturday 14 November 2009 23:49:23 Richard Marza wrote: |
| 9 |
>> I recently check my log files and discovered that there was a dictionary |
| 10 |
>> attack attempt on my daemons. sshd and vsftpd were the primary targets. |
| 11 |
>> Is |
| 12 |
>> there a script or tool to block the offending IP addresses using |
| 13 |
>> iptables. |
| 14 |
>> Something that checks to see if a minimum of attempts has occured and |
| 15 |
>> blocks them indefinitely based on that? |
| 16 |
> |
| 17 |
> |
| 18 |
> There are HUNDREDS of such solutions out there. Did you even try to Google |
| 19 |
> first? |
| 20 |
> |
| 21 |
> fail2ban & denyhosts are quite popular and get the job done. |
| 22 |
> |
| 23 |
> OSSEC is a full blown IDS that I use at work, it functions very well but |
| 24 |
> is |
| 25 |
> probably overkill for your needs. |
| 26 |
> |
| 27 |
> Last hint: You do NOT want to block hosts permanently. Your logs will |
| 28 |
> empty |
| 29 |
> sure enough, but sooner or later you will lock yourself out, or you will |
| 30 |
> lock |
| 31 |
> out people you really do want to access your services. |
| 32 |
> |
| 33 |
> -- |
| 34 |
> alan dot mckinnon at gmail dot com |
| 35 |
> |
| 36 |
|
| 37 |
|
| 38 |
Thank you for the information, I did find that denyhost and fail2ban in |
| 39 |
threads but there were issues with it not working properly. Some users |
| 40 |
created custom scripts to get the job done correctly. I did try google. I |
| 41 |
guess it's no longer my friend. Will try to use another search engine next |
| 42 |
time. |
Archives