Break-in Attempts
David Bandel
david.bandel
Sun Jan 8 20:51:28 PST 2006
On 1/8/06, Federico Voges <ftc at ftc.com.ar> wrote:
> A. Khattri wrote:
> On Sun, 8 Jan 2006, Kurt Wall wrote:
>
>
>
> And 2504 of these:
>
> sshd[24075]: Failed password for nobody from 220.163.44.81 port 49155 ssh2
> sshd[24079]: Failed password for invalid user patrick from 220.163.44.81
> port 49195 ssh2
> sshd[24083]: Failed password for invalid user patrick from 220.163.44.81
> port 49225 ssh2
>
> I run denyhosts on my boxes to thwart these:
> http://denyhosts.sourceforge.net/
>
>
>
> I use a quick & dirty script on my hosting server. But denyhosts looks very
> promising. I've already installed it on my home server (already blocked some
> IPs)..
>
> Thanks for the tip :)
>
denyhosts uses /etc/hosts.deny to block.
fail2ban uses iptables to do its blocking. fail2ban will also block
against attacks on your web server if you use authentication for any
pages. In fact, it can be easily expanded to read any log file for
any particular string and read the IP and block it.
those using debian, just apt-get install fail2ban
Different strokes.
Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
- Nemesis Air Racing Team motto
More information about the Linux-users
mailing list