Hi,

> Harry Enke wrote:
> > Hi,
> > there is an easy configurable tool for preventing brute force attacks,
> > it's called "fail2ban". It sifts through logs for attacks on security
> > critical ports and blocks login attempts from ip-addresses which fail
> > too often in too short a timeframe (configurable).
> >
> > http://www.fail2ban.org

I've personally been using:

http://www.aczoom.com/cms/blockhosts

for years now for customers that need ports open to the public internet (ftp, ssh, etc). BlockHosts can work with various services out-of-the-box and handles hosts.allow/deny files and/or iptables rules. It also has web interfaces to display blocked lists and GeoIP maps if you want them.

> Is this in error?
> "Fail2ban scans log files like /var/log/pwdfail or
> /var/log/apache/error_log and bans IP that makes too many password
> failures. It updates firewall rules to reject the IP address."
>
> Examining logs after the event does not provide real-time protection.

I'm not after real-time, the above is good enough for me but I'm interested in your comment. Is there a better software solution out there?

Michael.
