[mythtv-users] Semi-OT: Blocking Brute Force SSH attacks

Justin Smith justin at smithpolglase.com
Sun Oct 21 12:21:01 UTC 2007


> Jay R. Ashworth wrote:
>> > If you've tunneled SSH traffic through to your Mythbox, you're likely
>> > the target of brute-force SSH attacks, some of which might well work.
>> > 
>> > The most elegant solution I've found so far is here:
>> > 
>> > 	http://www.la-samhna.de/library/brutessh.html#5
>> > 
>> > This won't block attacks that "know" about a specific bug in your sshd,
>> > so you need to stay updated, but for the dictionary attacks it will
>> > work nicely, and it'll sure keep your logs from growing without
>> > bounds...
> 
> I use one called DenyHosts (http://denyhosts.sourceforge.net/) which is 
> very flexible and powerful; nearly completely automatic once set up.

I use fail2ban which is a Python script which monitors log files for repeated 
failed authentications, then blocks the respective IP address temporarily using 
iptables. As well as ssh, it can also be easily set up for apache, ftp, mail, etc.

I have it set up to email me when it blocks an IP address. I get around 5 emails a day.

http://www.fail2ban.org/

It's available as a package for the common distributions.


Cheers,
Justin.
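
Added example, not part of the original post and not fail2ban's own code: a Python illustration of the mechanism described above, counting failed sshd password attempts per source IP inside a time window and reporting a temporary ban. The log lines are constructed, and the names `max_retry`, `find_time`, `ban_time` and the assumed log year are choices made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation IP ranges), not real data.
SAMPLE_LOG = """\
Oct 21 12:00:01 mythbox sshd[2101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Oct 21 12:00:03 mythbox sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Oct 21 12:00:04 mythbox sshd[2103]: Accepted password for justin from 198.51.100.20 port 51000 ssh2
Oct 21 12:00:06 mythbox sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 40003 ssh2
Oct 21 12:00:09 mythbox sshd[2105]: Failed password for justin from 198.51.100.20 port 51001 ssh2
Oct 21 12:00:10 mythbox sshd[2106]: Failed password for root from 203.0.113.7 port 40004 ssh2
Oct 21 12:20:00 mythbox sshd[2107]: Failed password for root from 203.0.113.7 port 40005 ssh2
"""

# Anchored to the sshd prefix so text elsewhere in a line cannot spoof a match.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def find_bans(log_text, max_retry=3, find_time=600, ban_time=900, year=2007):
    """Return [(ip, ban_start, ban_end)]; syslog has no year, so one is assumed."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    banned_until, bans = {}, []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue              # ban still active, nothing new to decide
        window = recent[ip]
        window.append(ts)
        while window and (ts - window[0]).total_seconds() > find_time:
            window.popleft()      # forget failures older than find_time
        if len(window) >= max_retry:
            banned_until[ip] = ts + timedelta(seconds=ban_time)
            bans.append((ip, ts, banned_until[ip]))
            window.clear()        # start counting afresh once the ban expires
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"{start}  ban {ip} until {end}")
        print(f"  rule a blocker would add: iptables -I INPUT -s {ip} -j DROP")
```

On the sample, the single failed login from 198.51.100.20 after a successful one stays below the threshold, which is why a count within a window is used rather than banning on the first failure.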

