[Full-disclosure] SSH Bruteforce blocking script
Gerald Holl
gerald at holl.co.at
Sat Sep 3 21:00:12 BST 2005
On 2005-09-02 09:37, Michael L Benjamin wrote:
> Here is a simple script I've coded up that I use on 3 of my RedHat
> Enterprise Linux 3 (RHEL3) servers. I decided to do this after seeing the
> amount of activity from places like China/Korea/Taiwan in relation to
> SSH brute force probes. I'll throw it open here for
> analysis/suggestions. It
> leverages off the TCPWrappers /etc/hosts.deny /etc/hosts.allow
> functionality.
Hello,
Nice script!
Although I think it's a good way to list that brute force IPs in
/etc/hosts.deny there is another good script that uses iptables to block
the IPs:
http://fail2ban.sourceforge.net/
It works with apache logfiles too.
cheers,
--
Gerald Holl
http://holl.co.at
Full-Disclosure is hosted and sponsored by Secunia.