Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How do you automatically block ip addresses of machines that tries to shh into your server?

Posted on 2008-06-15
6
Medium Priority
?
256 Views
Last Modified: 2013-12-16
Dear Experts,

How do you automatically block ip addresses of machines that tries to shh into your server (debian)?

Thank you :)
0
Comment
Question by:jsissopainful
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 58

Assisted Solution

by:amit_g
amit_g earned 200 total points
ID: 21790296
0
 
LVL 12

Expert Comment

by:ibu1
ID: 21790979
0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 21791401
DenyHosts is a nice option. You may also wanna have something for brute force detection. BFD is a nice option for it:

http://rfxnetworks.com/bfd.php
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 10

Accepted Solution

by:
Pétur Ingi Egilsson earned 300 total points
ID: 21794675
fail2ban scans thro your log files and detects strange login behaviour : http://www.fail2ban.org/wiki/index.php/Main_Page
I use it to add DENY rules to iptables ( for 7 days )for IP's who try to log 3x into my server with failed attempts.
After 7 days fail2ban remove that firewall rule so the ip can try again. ( ofcourse it's up to you for how many days you choose to ban it )

It can also send you daily reports via email.
0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 21795161
PeturIngiEgilsson!

Fail2ban seems very promising tool. Thanks for sharing it.
0
 
LVL 19

Expert Comment

by:jools
ID: 21803166
I use denyhosts (suggested by amit_g) on a production server, it cut down the logs of connection attemptsfrom about 10 pages to just one.

Easy to configure and it just runs away, no intervention needed (unless someone accidentally locks themselves out).

I'd definately use it again.
0

Featured Post

RHCE - Red Hat OpenStack Prep Course

This course will provide in-depth training so that students who currently hold the EX200 & EX210 certifications can sit for the EX310 exam. Students will learn how to deploy & manage a full Red Hat environment with Ceph block storage, & integrate Ceph into other OpenStack service

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question