Re: Got hacked?

Author: Alex Dean
Date:  
To: Main PLUG discussion list
Subject: Re: Got hacked?
Bryan O'Neal wrote:
> On my Windows boxes I eliminate brute force attacks by having it lock
> out any account for 2 seconds after a wrong password and 15 minutes
> after 10 wrong passwords. But I don't know how to configure this on
> Linux?

http://denyhosts.sourceforge.net/

I use denyhosts to keep the dictionary attacks to a minimum. It's a
little daemon written in Python that scans ssh's logs and looks for
dictionary attacks. When a certain IP hits a user-configurable limit of
failed login attempts, the daemon adds that IP to ssh's host.deny file.
No more attempts from that IP.

You can set it up to purge the deny list after a certain amount of time
if you like. You can configure a different threshold for 'root' vs. any
other account. (i.e., a remote attempt to log in as root gets an instant
ban. I already have root logins disabled, but this extra rule traps a
lot of bots.)

When I first started this up, I had about 150 IPs on my 'banned' list
inside of an hour. The number of new bans has gone down dramatically
since then, and I'm only seeing two or three a week now.

alex
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
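
The log-scanning approach described in the message above, as an added sketch that is not DenyHosts' own code and not part of the original post. The log lines, thresholds, year and function names are constructed for illustration; the output uses TCP-wrappers `daemon: address` syntax.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the usual OpenSSH syslog format (documentation address ranges).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 4001 ssh2
Mar  3 10:00:03 host sshd[1002]: Failed password for invalid user test from 203.0.113.7 port 4002 ssh2
Mar  3 10:00:05 host sshd[1003]: Failed password for alex from 203.0.113.7 port 4003 ssh2
Mar  3 10:01:00 host sshd[1004]: Failed password for root from 198.51.100.9 port 5001 ssh2
Mar  3 10:02:00 host sshd[1005]: Failed password for alex from 192.0.2.44 port 6001 ssh2
Mar  3 10:02:30 host sshd[1006]: Accepted password for alex from 192.0.2.44 port 6002 ssh2
"""

# Anchored at line start; the user field is a single token, so a login name
# containing " from <address>" cannot substitute a different source address.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def find_offenders(log_text, year=2024, user_limit=3, root_limit=1):
    """Return {ip: time of the failure that crossed a limit}. Syslog has no year, so one is assumed."""
    user_fails, root_fails, banned = defaultdict(int), defaultdict(int), {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        stamp, user, ip = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        # Separate counter and (stricter) limit for attempts on root.
        counts, limit = (root_fails, root_limit) if user == "root" else (user_fails, user_limit)
        counts[ip] += 1
        if counts[ip] >= limit and ip not in banned:
            banned[ip] = when
    return banned

def purge(banned, now, max_age):
    """Drop bans older than max_age, like a timed purge of the deny list."""
    return {ip: t for ip, t in banned.items() if now - t <= max_age}

def deny_lines(banned):
    """Render the ban list as hosts.deny entries for the sshd daemon."""
    return [f"sshd: {ip}" for ip in sorted(banned)]

if __name__ == "__main__":
    print("\n".join(deny_lines(find_offenders(SAMPLE_LOG))))
```
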