On Mon, 03 Sep 2007, John Kelly wrote:
> I stop brute force attacks by sending auth log messages to a FIFO
> which I read with a perl script. After 10 login failures, your IP is
> firewalled for 24 hours.

fail2ban is an easy way to do this (for ssh and optionally anything
else that people will try to bruteforce.)

 Description: bans IPs that cause multiple authentication errors
  Monitors log files (e.g. /var/log/auth.log,
  /var/log/apache/access.log) and temporarily or persistently bans
  failure-prone addresses by updating existing firewall rules. The
  software was completely rewritten at version 0.7.0 and now allows
  easy specification of different actions to be taken such as to ban
  an IP using iptables or hostsdeny rules, or simply to send a
  notification email. Currently, by default, supports
  ssh/apache/vsftpd but configuration can be easily extended for
  monitoring any other ASCII file. All filters and actions are given
  in the config files, thus fail2ban can be adopted to be used with a
  variety of files and firewalls.
  .
  Homepage: http://www.fail2ban.org


Don Armstrong

-- 
The major difference between a thing that might go wrong and a thing
that cannot possibly go wrong is that when a thing that cannot
possibly go wrong goes wrong it usually turns out to be impossible to
get at or repair.
 -- Douglas Adams _Mostly Harmless_

http://www.donarmstrong.com              http://rzlab.ucr.edu
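
The scheme discussed in this message (count authentication failures per address in the auth log, ban after 10 failures for 24 hours), as an added example that is not part of the original post and is neither John Kelly's perl script nor fail2ban's own code. The function names, the 10-minute counting window, the OpenSSH line format and the sample log lines are assumptions made for the example; it only computes ban decisions and leaves the firewall update out.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 10                  # threshold from the quoted message
BAN_TIME = timedelta(hours=24)     # ban length from the quoted message
FIND_TIME = timedelta(minutes=10)  # assumption: failures must fall within this window

# OpenSSH "Failed password" line as syslog writes it. The user name is
# attacker-supplied text, so it is matched greedily and the pattern is anchored
# at the end of the line: the address taken is the one sshd itself appended.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* from (?P<ip>\S+) port \d+(?: ssh\d*)?$"
)

def find_bans(lines, year):
    """Return [(ip, banned_at, banned_until)]; syslog lines carry no year."""
    recent = defaultdict(deque)    # ip -> timestamps of recent failures
    banned_until, bans = {}, []    # ip -> ban expiry; ban records in order
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if banned_until.get(ip, ts) > ts:
            continue               # ban still active; nothing new to decide
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FIND_TIME:
            window.popleft()       # forget failures older than the window
        if len(window) >= MAX_FAILURES:
            banned_until[ip] = ts + BAN_TIME
            bans.append((ip, ts, ts + BAN_TIME))
    return bans

def sample_lines():
    """Constructed auth.log lines (documentation addresses, not real data)."""
    fmt = "Sep  3 10:00:{:02d} host sshd[4242]: Failed password for {} from {} port 50000 ssh2"
    lines = [fmt.format(s, "invalid user admin", "203.0.113.5") for s in range(10)]
    lines += [fmt.format(20 + s, "root", "198.51.100.7") for s in range(3)]
    # User name crafted to look as if the failure came from another address.
    lines += [fmt.format(30 + s, "invalid user x from 192.0.2.9 port 1 ssh2", "198.51.100.7") for s in range(5)]
    return lines

if __name__ == "__main__":
    for ip, start, end in find_bans(sample_lines(), 2007):
        print(f"ban {ip} from {start} until {end}")
```

Only 203.0.113.5 reaches the threshold in the sample; the crafted user name does not cause 192.0.2.9 to be counted, because the address is taken from the end of the line.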