Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How do you automatically block ip addresses of machines that tries to shh into your server?

Posted on 2008-06-15
6
251 Views
Last Modified: 2013-12-16
Dear Experts,

How do you automatically block ip addresses of machines that tries to shh into your server (debian)?

Thank you :)
0
Comment
Question by:jsissopainful
6 Comments
 
LVL 58

Assisted Solution

by:amit_g
amit_g earned 50 total points
ID: 21790296
0
 
LVL 12

Expert Comment

by:ibu1
ID: 21790979
0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 21791401
DenyHosts is a nice option. You may also wanna have something for brute force detection. BFD is a nice option for it:

http://rfxnetworks.com/bfd.php
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 10

Accepted Solution

by:
PeturIngiEgilsson earned 75 total points
ID: 21794675
fail2ban scans thro your log files and detects strange login behaviour : http://www.fail2ban.org/wiki/index.php/Main_Page
I use it to add DENY rules to iptables ( for 7 days )for IP's who try to log 3x into my server with failed attempts.
After 7 days fail2ban remove that firewall rule so the ip can try again. ( ofcourse it's up to you for how many days you choose to ban it )

It can also send you daily reports via email.
0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 21795161
PeturIngiEgilsson!

Fail2ban seems very promising tool. Thanks for sharing it.
0
 
LVL 19

Expert Comment

by:jools
ID: 21803166
I use denyhosts (suggested by amit_g) on a production server, it cut down the logs of connection attemptsfrom about 10 pages to just one.

Easy to configure and it just runs away, no intervention needed (unless someone accidentally locks themselves out).

I'd definately use it again.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question