You are not logged in.

#1 2004-12-15 09:17:57

Father
Member
From: Australia
Registered: 2004-06-01
Posts: 209

Can you autoban IPs after X many unsuccessful login attemps?

Im running SSH for an sftp server (ill be adding cvs soon), with an RSSH jail.
As you'd expect, im continually getting port scans and dictionary hack attempts and what not.

Im wanting to essentially ban an IP if they make X many unsuccessful login attempts. Is this possible without too much trouble?

Im assuming someones going to tell me to write a bash script that will echo ip's into hosts.deny
id rather not, unless someone can write the bash script for me!
i never really got into bash.. heh..

Offline

#2 2004-12-15 09:29:59

Father
Member
From: Australia
Registered: 2004-06-01
Posts: 209

Re: Can you autoban IPs after X many unsuccessful login attemps?

im thinking that doing it that way may actually be bad since hosts.deny would fill up and end up slowing things down each time someone tries a login.

since i dont have many users (~6), even though theyre on dynamic ip, it may be easier to just get their general ip domain and add them to hosts.allow

Offline

#3 2004-12-15 10:17:24

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

Re: Can you autoban IPs after X many unsuccessful login attemps?

i think you would have better luck using iptables instead of hosts.deny to deny access to people.
You could easily create a special chain for "blocked" users..then just execute a rule add to the end of that chain.
it would be better dealt with at the app level, but I don't recall ssh having any type of lockout functionality like you are specifying.


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#4 2004-12-22 10:43:18

oscar
Member
From: Linköping, Sweden
Registered: 2004-08-13
Posts: 457

Re: Can you autoban IPs after X many unsuccessful login attemps?

take a look at firehol!

you simply log every failed login attempt, and put a copy of their ipaddresses in a file, a file which firehol reads, and blocks (with iptables) every single address in it smile

it shouldn't be that hard to fix smile


To err is human... to really foul up requires the root password.

Offline

Board footer

Powered by FluxBB