
#1 2004-12-15 09:17:57

Father
Member
From: Australia
Registered: 2004-06-01
Posts: 209

Can you autoban IPs after X many unsuccessful login attempts?

I'm running SSH for an sftp server (I'll be adding cvs soon), with an RSSH jail.
As you'd expect, I'm continually getting port scans and dictionary hack attempts and whatnot.

I'm wanting to essentially ban an IP if they make X many unsuccessful login attempts. Is this possible without too much trouble?

I'm assuming someone's going to tell me to write a bash script that will echo IPs into hosts.deny.
I'd rather not, unless someone can write the bash script for me!
I never really got into bash... heh.


#2 2004-12-15 09:29:59

Father
Member
From: Australia
Registered: 2004-06-01
Posts: 209

Re: Can you autoban IPs after X many unsuccessful login attempts?

I'm thinking that doing it that way may actually be bad, since hosts.deny would fill up and end up slowing things down each time someone tries a login.

Since I don't have many users (~6), even though they're on dynamic IP, it may be easier to just get their general IP domain and add them to hosts.allow.


#3 2004-12-15 10:17:24

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622

Re: Can you autoban IPs after X many unsuccessful login attempts?

I think you would have better luck using iptables instead of hosts.deny to deny access to people.
You could easily create a special chain for "blocked" users, then just execute a rule add to the end of that chain.
It would be better dealt with at the app level, but I don't recall ssh having any type of lockout functionality like you are specifying.


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍


#4 2004-12-22 10:43:18

oscar
Member
From: Kiruna, Sweden
Registered: 2004-08-13
Posts: 457

Re: Can you autoban IPs after X many unsuccessful login attempts?

Take a look at firehol!

You simply log every failed login attempt, and put a copy of their IP addresses in a file, a file which firehol reads, and blocks (with iptables) every single address in it :)

It shouldn't be that hard to fix :)


To err is human... to really foul up requires the root password.
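
The approach suggested in posts #3 and #4 (collect the addresses behind failed logins, then add one DROP rule per address to a dedicated iptables chain), as an added example that is not code from any poster in this thread. The threshold, the chain name `SSH_BLOCKED` and the log lines are constructed assumptions, and the rules are only printed, not applied.

```shell
#!/bin/bash
# Added example: count failed sshd logins per source IP and print iptables
# rules for a dedicated chain. Dry run only: nothing is applied.

THRESHOLD=3          # the "X" from the question (assumed value)
CHAIN=SSH_BLOCKED    # hypothetical chain name

# Constructed sample lines in OpenSSH's "Failed password" log format.
# The 198.51.100.7 client uses a user name that embeds another address.
sample_log() {
cat <<'EOF'
Dec 15 09:01:02 host sshd[311]: Failed password for root from 203.0.113.5 port 4101 ssh2
Dec 15 09:01:04 host sshd[311]: Failed password for invalid user admin from 203.0.113.5 port 4102 ssh2
Dec 15 09:01:07 host sshd[312]: Failed password for invalid user test from 203.0.113.5 port 4103 ssh2
Dec 15 09:02:10 host sshd[320]: Failed password for invalid user x from 192.0.2.99 from 198.51.100.7 port 5000 ssh2
Dec 15 09:02:12 host sshd[320]: Failed password for invalid user x from 192.0.2.99 from 198.51.100.7 port 5001 ssh2
Dec 15 09:02:15 host sshd[321]: Failed password for invalid user x from 192.0.2.99 from 198.51.100.7 port 5002 ssh2
Dec 15 09:03:00 host sshd[330]: Failed password for father from 192.0.2.10 port 6000 ssh2
Dec 15 09:03:09 host sshd[330]: Accepted password for father from 192.0.2.10 port 6001 ssh2
EOF
}

# Read a log on stdin; print each source IP with at least $1 failed logins.
# The address is taken by position from the END of the line, so a user name
# containing "from <address>" cannot get an unrelated host banned.
offenders() {
  awk -v min="$1" '
    /sshd\[[0-9]+\]: Failed password for / &&
    $NF == "ssh2" && $(NF-2) == "port" && $(NF-4) == "from" {
      ip = $(NF-3)
      if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[ip]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print ip }
  ' | LC_ALL=C sort
}

# Read IPs on stdin; print the commands that create the chain, hook it into
# INPUT for the SSH port, and append one DROP rule per address.
ban_rules() {
  echo "iptables -N $CHAIN"
  echo "iptables -I INPUT -p tcp --dport 22 -j $CHAIN"
  while read -r ip; do
    echo "iptables -A $CHAIN -s $ip -j DROP"
  done
}

sample_log | offenders "$THRESHOLD" | ban_rules
```

Keeping the bans in their own chain means the whole list can be cleared with `iptables -F SSH_BLOCKED` without touching the rest of the ruleset.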
