Got hacked?
Alex Dean
alex at crackpot.org
Fri Feb 23 20:57:26 MST 2007
Bryan O'Neal wrote:
> On my Windows boxes I eliminate brute force attacks by having it lock
> out any account for 2 seconds after a wrong password and 15 minutes
> after 10 wrong passwords. But I don't know how to configure this on
> Linux?

http://denyhosts.sourceforge.net/

I use denyhosts to keep the dictionary attacks to a minimum. It's a
little daemon written in Python that scans ssh's logs and looks for
dictionary attacks. When a certain IP hits a user-configurable limit of
failed login attempts, the daemon adds that IP to ssh's host.deny file.
No more attempts from that IP.

You can set it up to purge the deny list after a certain amount of time
if you like. You can configure a different threshold for 'root' vs. any
other account. (i.e., a remote attempt to log in as root gets an instant
ban. I already have root logins disabled, but this extra rule traps a
lot of bots.)

When I first started this up, I had about 150 IPs on my 'banned' list
inside of an hour. The number of new bans has gone down dramatically
since then, and I'm only seeing two or three a week now.

alex
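
The scan, count and ban loop described in the message above, as an added example; it is not DenyHosts' code and not part of the original post. The thresholds, function names and log lines are assumptions constructed for illustration. The parser anchors on the end of the line because the user name in sshd's log is attacker-controlled.

```python
import re
from collections import Counter

# The user name is attacker-controlled and may itself contain " from <ip> port";
# greedy matching plus the end-of-line anchor keeps the address sshd wrote last.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?$"
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Feb 23 20:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 4101 ssh2
Feb 23 20:01:04 host sshd[1202]: Failed password for invalid user test from 203.0.113.7 port 4102 ssh2
Feb 23 20:01:06 host sshd[1203]: Failed password for invalid user guest from 203.0.113.7 port 4103 ssh2
Feb 23 20:02:10 host sshd[1210]: Failed password for root from 198.51.100.9 port 5300 ssh2
Feb 23 20:03:00 host sshd[1220]: Failed password for alex from 192.0.2.44 port 6000 ssh2
Feb 23 20:03:30 host sshd[1221]: Accepted password for alex from 192.0.2.44 port 6001 ssh2
Feb 23 20:04:00 host sshd[1230]: Failed password for invalid user x from 192.0.2.44 port 1 ssh2 from 203.0.113.50 port 7000 ssh2
"""

def parse_failure(line):
    """Return (user, ip) for a failed-password line, else None."""
    m = FAILED.search(line.rstrip())
    return (m["user"], m["ip"]) if m else None

def find_offenders(log_text, user_limit=3, root_limit=1, allow=()):
    """IPs whose failures reach the limit; root has its own, lower limit."""
    counts = Counter()  # (ip, targeted_root) -> number of failures
    for line in log_text.splitlines():
        hit = parse_failure(line)
        if hit and hit[1] not in allow:
            counts[(hit[1], hit[0] == "root")] += 1
    return sorted({ip for (ip, is_root), n in counts.items()
                   if n >= (root_limit if is_root else user_limit)})

def update_bans(bans, offenders, now):
    """Record first-ban time per IP; existing bans keep their timestamp."""
    for ip in offenders:
        bans.setdefault(ip, now)
    return bans

def purge(bans, now, max_age):
    """Drop bans that are max_age seconds old or older (the optional purge)."""
    return {ip: t for ip, t in bans.items() if now - t < max_age}

def deny_lines(bans, service="sshd"):
    """Render TCP-wrappers style deny entries, one per banned IP."""
    return [f"{service}: {ip}" for ip in sorted(bans)]
```

The last sample line carries a user name that embeds a second address; the parser attributes the failure to the address sshd itself appended, so 192.0.2.44 is not charged for it.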