• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 259
  • Last Modified:

How do you automatically block ip addresses of machines that tries to shh into your server?

Dear Experts,

How do you automatically block ip addresses of machines that tries to shh into your server (debian)?

Thank you :)
0
jsissopainful
Asked:
jsissopainful
2 Solutions
 
amit_gCommented:
0
 
Kamran ArshadIT AssociateCommented:
DenyHosts is a nice option. You may also wanna have something for brute force detection. BFD is a nice option for it:

http://rfxnetworks.com/bfd.php
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
Pétur Ingi EgilssonSoftware Engineer -- ConsultantCommented:
fail2ban scans thro your log files and detects strange login behaviour : http://www.fail2ban.org/wiki/index.php/Main_Page
I use it to add DENY rules to iptables ( for 7 days )for IP's who try to log 3x into my server with failed attempts.
After 7 days fail2ban remove that firewall rule so the ip can try again. ( ofcourse it's up to you for how many days you choose to ban it )

It can also send you daily reports via email.
0
 
Kamran ArshadIT AssociateCommented:
PeturIngiEgilsson!

Fail2ban seems very promising tool. Thanks for sharing it.
0
 
joolsCommented:
I use denyhosts (suggested by amit_g) on a production server, it cut down the logs of connection attemptsfrom about 10 pages to just one.

Easy to configure and it just runs away, no intervention needed (unless someone accidentally locks themselves out).

I'd definately use it again.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now