Re: [gentoo-user] Blocking login attempts to sshd and vsftpd

2009-11-15 Thread Walter Dnes
On Sat, Nov 14, 2009 at 07:07:28PM -0500, Richard Marza wrote

> Thank you for the information, I did find that denyhost and fail2ban in
> threads but there were issues with it not working properly. Some users
> created custom scripts to get the job done correctly.

  Have you considered not allowing password-based logins at all for ssh?
Use RSA keys instead.  It's much easier, and much more secure.

-- 
Walter Dnes waltd...@waltdnes.org



Re: [gentoo-user] Blocking login attempts to sshd and vsftpd

2009-11-15 Thread Alan McKinnon
On Sunday 15 November 2009 08:21:55 Walter Dnes wrote:
> On Sat, Nov 14, 2009 at 07:07:28PM -0500, Richard Marza wrote
>
> > Thank you for the information, I did find that denyhost and fail2ban in
> > threads but there were issues with it not working properly. Some users
> > created custom scripts to get the job done correctly.
>
>   Have you considered not allowing password-based logins at all for ssh?
> Use RSA keys instead.  It's much easier, and much more secure.
 
fail2ban and/or denyhosts is still very useful with key-only auth, even if 
only to get the spam out of messages and into the iptables logs


-- 
alan dot mckinnon at gmail dot com



Re: [gentoo-user] Blocking login attempts to sshd and vsftpd

2009-11-15 Thread Neil Bothwick
On Sun, 15 Nov 2009 01:21:55 -0500, Walter Dnes wrote:

>   Have you considered not allowing password-based logins at all for ssh?
> Use RSA keys instead.  It's much easier, and much more secure.

That doesn't stop the attempts.


-- 
Neil Bothwick

Quantum leap: (adj.) literally, to move by the smallest amount
theoretically possible. In advertising, to move by the largest leap
imaginable (in the mind of the advertiser). There is no contradiction.




Re: [gentoo-user] Blocking login attempts to sshd and vsftpd

2009-11-15 Thread KH

Richard Marza wrote:
> I recently checked my log files and discovered that there was a dictionary
> attack attempt on my daemons. sshd and vsftpd were the primary targets.
> Is there a script or tool to block the offending IP addresses using
> iptables? Something that checks to see if a minimum of attempts has
> occurred and blocks them indefinitely based on that?
>
> Regards,
>  Richard M.



Hi,

I am using that script:
http://blinkeye.ch/dokuwiki/doku.php/projects/blacklist

kh



Re: [gentoo-user] Blocking login attempts to sshd and vsftpd

2009-11-15 Thread Richard Marza


- Original Message - 
From: KH gentoo-u...@konstantinhansen.de

To: gentoo-user@lists.gentoo.org
Sent: Sunday, November 15, 2009 6:22 AM
Subject: Re: [gentoo-user] Blocking login attempts to sshd and vsftpd



> Richard Marza wrote:
>
> > I recently checked my log files and discovered that there was a dictionary
> > attack attempt on my daemons. sshd and vsftpd were the primary targets.
> > Is there a script or tool to block the offending IP addresses using
> > iptables? Something that checks to see if a minimum of attempts has
> > occurred and blocks them indefinitely based on that?
> >
> > Regards,
> >  Richard M.
>
> Hi,
>
> I am using that script:
> http://blinkeye.ch/dokuwiki/doku.php/projects/blacklist
>
> kh




This is perfect and more straightforward than the alternatives. I'm 
surprised this isn't one of the most mentioned or talked about in the 
threads. Thank you all.





[gentoo-user] Blocking login attempts to sshd and vsftpd

2009-11-14 Thread Richard Marza
I recently checked my log files and discovered that there was a dictionary 
attack attempt on my daemons. sshd and vsftpd were the primary targets. Is 
there a script or tool to block the offending IP addresses using iptables? 
Something that checks to see if a minimum of attempts has occurred and blocks 
them indefinitely based on that?



Regards,
 Richard M. 





Re: [gentoo-user] Blocking login attempts to sshd and vsftpd

2009-11-14 Thread Alex Schuster
Richard Marza writes:

> I recently checked my log files and discovered that there was a
> dictionary attack attempt on my daemons. sshd and vsftpd were the
> primary targets. Is there a script or tool to block the offending IP
> addresses using iptables? Something that checks to see if a minimum of
> attempts has occurred and blocks them indefinitely based on that?

I am using net-analyzer/fail2ban for this. There is also
app-admin/denyhosts, which gets a list of offending IPs from a server. But it
may only be for SSH.

Wonko



Re: [gentoo-user] Blocking login attempts to sshd and vsftpd

2009-11-14 Thread Alan McKinnon
On Saturday 14 November 2009 23:49:23 Richard Marza wrote:
> I recently checked my log files and discovered that there was a dictionary
> attack attempt on my daemons. sshd and vsftpd were the primary targets. Is
> there a script or tool to block the offending IP addresses using iptables?
> Something that checks to see if a minimum of attempts has occurred and
> blocks them indefinitely based on that?


There are HUNDREDS of such solutions out there. Did you even try to Google 
first?

fail2ban and denyhosts are quite popular and get the job done.

OSSEC is a full blown IDS that I use at work, it functions very well but is 
probably overkill for your needs.

Last hint: You do NOT want to block hosts permanently. Your logs will empty 
sure enough, but sooner or later you will lock yourself out, or you will lock 
out people you really do want to access your services.

-- 
alan dot mckinnon at gmail dot com
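
An added example, not part of any post in this thread and not code from fail2ban, denyhosts or the linked blacklist script: the threshold-then-temporary-ban logic discussed above, run over constructed sshd and vsftpd log lines. The function names, thresholds, sample addresses and the allow-list are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Failed-login lines: sshd via syslog (no year) and vsftpd's own log (with year). IPv4 only.
SSHD = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                  r"(?:invalid user )?\S+ from (?P<ip>[\d.]+) port")
VSFTPD = re.compile(r'^\w{3} (?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<yr>\d{4}) \[pid \d+\] '
                    r'\[[^\]]*\] FAIL LOGIN: Client "(?P<ip>[\d.]+)"')

def failures(lines, year):
    """Yield (timestamp, address) per failed login; `year` fills in for syslog lines."""
    for m in filter(None, (p.match(ln) for ln in lines for p in (SSHD, VSFTPD))):
        try:
            ip = ip_address(m["ip"])
        except ValueError:
            continue  # digits and dots that are not a valid address
        stamp = f"{m.groupdict().get('yr') or year} {m['ts']}"
        yield datetime.strptime(stamp, "%Y %b %d %H:%M:%S"), ip

def decide_bans(lines, year, max_retry=3, find_time=600, ban_time=3600, allow=()):
    """Return {address: ban_expiry}; bans expire and allow-listed networks are skipped."""
    nets = [ip_network(n) for n in allow]
    recent, bans = defaultdict(deque), {}
    for ts, ip in sorted(failures(lines, year), key=lambda f: f[0]):
        if any(ip in n for n in nets) or bans.get(ip, ts) > ts:
            continue  # trusted network, or a ban is already in force
        hits = recent[ip]
        hits.append(ts)
        while (ts - hits[0]).total_seconds() > find_time:
            hits.popleft()  # forget failures older than the window
        if len(hits) >= max_retry:
            bans[ip] = ts + timedelta(seconds=ban_time)
            hits.clear()
    return bans

def active_rules(bans, now):
    """iptables commands for the bans still in force at `now`."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip, end in bans.items() if now < end]

SAMPLE = """\
Nov 14 18:00:01 box sshd[311]: Failed password for root from 203.0.113.5 port 40122 ssh2
Nov 14 18:00:04 box sshd[311]: Failed password for invalid user admin from 203.0.113.5 port 40123 ssh2
Sat Nov 14 18:00:09 2009 [pid 3021] [admin] FAIL LOGIN: Client "203.0.113.5"
Nov 14 18:01:00 box sshd[320]: Failed password for alice from 192.0.2.10 port 51000 ssh2
Nov 14 18:01:05 box sshd[320]: Failed password for alice from 192.0.2.10 port 51001 ssh2
Nov 14 18:01:09 box sshd[320]: Failed password for alice from 192.0.2.10 port 51002 ssh2
""".splitlines()  # constructed sample lines, not taken from the thread
```

With `allow=("192.0.2.0/24",)` the mistyping user at 192.0.2.10 is left alone; without it that address is banned too, which is the lock-out the post above warns about.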



Re: [gentoo-user] Blocking login attempts to sshd and vsftpd

2009-11-14 Thread Richard Marza


- Original Message - 
From: Alan McKinnon alan.mckin...@gmail.com

To: gentoo-user@lists.gentoo.org
Sent: Saturday, November 14, 2009 5:42 PM
Subject: Re: [gentoo-user] Blocking login attempts to sshd and vsftpd



> On Saturday 14 November 2009 23:49:23 Richard Marza wrote:
>
> > I recently checked my log files and discovered that there was a dictionary
> > attack attempt on my daemons. sshd and vsftpd were the primary targets.
> > Is there a script or tool to block the offending IP addresses using
> > iptables? Something that checks to see if a minimum of attempts has
> > occurred and blocks them indefinitely based on that?
>
> There are HUNDREDS of such solutions out there. Did you even try to Google
> first?
>
> fail2ban and denyhosts are quite popular and get the job done.
>
> OSSEC is a full blown IDS that I use at work, it functions very well but
> is probably overkill for your needs.
>
> Last hint: You do NOT want to block hosts permanently. Your logs will
> empty sure enough, but sooner or later you will lock yourself out, or you
> will lock out people you really do want to access your services.
>
> --
> alan dot mckinnon at gmail dot com




Thank you for the information, I did find that denyhost and fail2ban in 
threads but there were issues with it not working properly. Some users 
created custom scripts to get the job done correctly. I did try google. I 
guess it's no longer my friend. Will try to use another search engine next 
time.