----- Original Message -----
From: "Alan McKinnon" <alan.mckin...@gmail.com>
To: <gentoo-user@lists.gentoo.org>
Sent: Saturday, November 14, 2009 5:42 PM
Subject: Re: [gentoo-user] Blocking login attempts to sshd and vsftpd


On Saturday 14 November 2009 23:49:23 Richard Marza wrote:
I recently checked my log files and discovered that there was a dictionary
attack attempt on my daemons. sshd and vsftpd were the primary targets. Is there a script or tool to block the offending IP addresses using iptables?
Something that checks to see if a minimum of attempts has occurred and
blocks them indefinitely based on that?


There are HUNDREDS of such solutions out there. Did you even try to Google
first?

fail2ban & denyhosts are quite popular and get the job done.

OSSEC is a full blown IDS that I use at work, it functions very well but is
probably overkill for your needs.

Last hint: You do NOT want to block hosts permanently. Your logs will empty sure
enough, but sooner or later you will lock yourself out, or you will lock
out people you really do want to access your services.

--
alan dot mckinnon at gmail dot com



Thank you for the information. I did find denyhosts and fail2ban in threads, but there were issues with them not working properly. Some users created custom scripts to get the job done correctly. I did try Google. I guess it's no longer my friend. Will try to use another search engine next time.
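
The kind of check discussed in this thread (count failed logins per address, block past a threshold, and let the block expire rather than making it permanent), as an added example that is not part of the original messages and is not the code of fail2ban, denyhosts or OSSEC. The function names, the `max_retry`/`find_time`/`ban_time` parameters and the sample log lines are assumptions constructed for illustration; `year` is passed in because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog style; IPs are documentation ranges.
SAMPLE_LOG = """\
Nov 14 23:40:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 4101 ssh2
Nov 14 23:40:05 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 4102 ssh2
Nov 14 23:40:09 host sshd[1205]: Failed password for root from 203.0.113.7 port 4103 ssh2
Nov 14 23:40:12 host sshd[1207]: Failed password for root from 203.0.113.7 port 4104 ssh2
Nov 14 23:41:00 host sshd[1210]: Failed password for alice from 198.51.100.23 port 5120 ssh2
Nov 14 23:41:08 host sshd[1212]: Accepted password for alice from 198.51.100.23 port 5121 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")


def find_bans(log_text, year=2009, max_retry=3, find_time=600, ban_time=3600):
    """Return {ip: (ban_start, ban_end)} for IPs with max_retry failures
    inside a sliding window of find_time seconds. Bans last ban_time seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successes and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in bans and ts < bans[ip][1]:
            continue              # already banned; do not extend the ban
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > find_time:
            window.popleft()      # drop failures older than the window
        if len(window) >= max_retry:
            bans[ip] = (ts, ts + timedelta(seconds=ban_time))
            window.clear()        # start counting afresh after the ban
    return bans


def active_bans(bans, now):
    """IPs whose ban is in force at `now`; expired bans drop out on their own."""
    return sorted(ip for ip, (start, end) in bans.items() if start <= now < end)
```

In this sample the address with a single mistyped password followed by a successful login is never banned, and the banned address is released once `ban_time` has elapsed, so a lockout caused by a user's own mistakes ends without manual cleanup.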

