----- Original Message -----
From: "Alan McKinnon" <alan.mckinnon@×××××.com>
To: <gentoo-user@l.g.o>
Sent: Saturday, November 14, 2009 5:42 PM
Subject: Re: [gentoo-user] Blocking login attempts to sshd and vsftpd

> On Saturday 14 November 2009 23:49:23 Richard Marza wrote:
>> I recently checked my log files and discovered that there was a dictionary
>> attack attempt on my daemons. sshd and vsftpd were the primary targets. Is
>> there a script or tool to block the offending IP addresses using iptables?
>> Something that checks to see if a minimum of attempts has occurred and
>> blocks them indefinitely based on that?
>
> There are HUNDREDS of such solutions out there. Did you even try to Google
> first?
>
> fail2ban & denyhosts are quite popular and get the job done.
>
> OSSEC is a full-blown IDS that I use at work, it functions very well but is
> probably overkill for your needs.
>
> Last hint: You do NOT want to block hosts permanently. Your logs will empty
> sure enough, but sooner or later you will lock yourself out, or you will lock
> out people you really do want to access your services.
>
> --
> alan dot mckinnon at gmail dot com
>

Thank you for the information. I did find denyhosts and fail2ban in
threads, but there were issues with them not working properly. Some users
created custom scripts to get the job done correctly. I did try Google. I
guess it's no longer my friend. Will try to use another search engine next
time.
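
The approach discussed in this thread (count failed sshd logins per address, block the address, but let the block expire instead of making it permanent), as an added sketch that is not part of the original messages and is not how fail2ban or denyhosts are implemented. The function name, thresholds, allowlist parameter and sample log lines are assumptions constructed for illustration; the addresses come from documentation ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH "Failed password" line in syslog format. The greedy ".*" plus the
# "$" anchor take the address from the END of the line, which sshd writes
# itself, so text inside a submitted username cannot stand in for it.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port \d+ ssh2$")

def plan_bans(lines, maxretry=3, findtime=600, bantime=3600,
              allowlist=(), year=2009):
    """Return [(ip, ban_start, ban_end)] for addresses with at least maxretry
    failures within findtime seconds. Every ban expires after bantime seconds,
    and allowlisted addresses (your own hosts) are never banned."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}             # ip -> expiry of the current ban
    bans = []
    for line in lines:
        m = FAILED.match(line.rstrip())
        if not m:
            continue
        # syslog timestamps carry no year, so one is supplied (assumption)
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in allowlist or when < banned_until.get(ip, datetime.min):
            continue
        window = recent[ip]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than the window
        if len(window) >= maxretry:
            banned_until[ip] = when + timedelta(seconds=bantime)
            bans.append((ip, when, banned_until[ip]))
            window.clear()
    return bans

# Constructed sample log: one guessing host, one legitimate user mistyping.
SAMPLE_LOG = [
    "Nov 14 23:41:07 host sshd[4211]: Failed password for invalid user admin from 203.0.113.9 port 40122 ssh2",
    "Nov 14 23:41:09 host sshd[4213]: Failed password for root from 203.0.113.9 port 40130 ssh2",
    "Nov 14 23:41:12 host sshd[4215]: Failed password for invalid user test from 203.0.113.9 port 40141 ssh2",
    "Nov 14 23:42:00 host sshd[4220]: Failed password for alice from 192.0.2.10 port 51000 ssh2",
    "Nov 14 23:42:05 host sshd[4221]: Failed password for alice from 192.0.2.10 port 51001 ssh2",
    "Nov 14 23:42:09 host sshd[4222]: Failed password for alice from 192.0.2.10 port 51002 ssh2",
    "Nov 14 23:55:00 host sshd[4240]: Failed password for root from 198.51.100.7 port 40000 ssh2",
]

if __name__ == "__main__":
    for ip, start, end in plan_bans(SAMPLE_LOG, allowlist={"192.0.2.10"}):
        print(f"ban {ip} from {start} until {end}")
```

Without the allowlist, the mistyping user at 192.0.2.10 is banned as well, which is the lock-out case the reply warns about. Each returned entry corresponds to an iptables DROP rule inserted at ban_start and deleted at ban_end.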