SSH Brute Force Attack; Auto-Ban IP-Addresses
Solution 1
http://www.fail2ban.org/wiki/index.php/Main_Page
Works for any log files, based on any phrases.
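The policy the question asks for (5 failed logins within 1 minute, then a 12-hour ban), applied to log lines by matching a phrase, as an added example that is not part of the original answer and is not fail2ban's own code. The log lines, host name, and `year` parameter are constructed assumptions; the IPs are documentation ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds from the question; fail2ban calls these maxretry, findtime and bantime.
MAX_RETRY = 5
FIND_TIME = timedelta(minutes=1)
BAN_TIME = timedelta(hours=12)

# Phrase to match: OpenSSH's failed-password line (syslog timestamps carry no year).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def find_bans(lines, year=2022):
    """Return [(ip, banned_at, banned_until)] for chronologically ordered lines."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    banned_until = {}
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other daemons are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if banned_until.get(ip, ts) > ts:
            continue              # still banned: a firewall rule would drop this
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FIND_TIME:
            window.popleft()      # forget failures older than the window
        if len(window) >= MAX_RETRY:
            banned_until[ip] = ts + BAN_TIME
            bans.append((ip, ts, ts + BAN_TIME))
            window.clear()
    return bans

# Constructed sample log: one fast guesser, one slow guesser, one valid login.
SAMPLE_LOG = sorted(
    [f"Sep 18 10:00:{s:02d} vm01 sshd[4242]: Failed password for root from 203.0.113.7 port 50122 ssh2"
     for s in (1, 5, 9, 13, 17, 21)]
    + [f"Sep 18 10:{mi:02d}:{s:02d} vm01 sshd[4243]: Failed password for invalid user admin from 198.51.100.23 port 40022 ssh2"
       for mi, s in ((0, 0), (0, 30), (1, 0), (1, 30), (2, 0))]
    + ["Sep 18 10:03:00 vm01 sshd[4244]: Accepted password for alice from 192.0.2.10 port 51000 ssh2"]
)

if __name__ == "__main__":
    for ban in find_bans(SAMPLE_LOG):
        print(*ban)
```

The second address fails five times but only every 30 seconds, so it never has five failures inside one minute and is not banned; a longer window or lower retry count is needed to catch slow guessing.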
Solution 2
http://denyhosts.sourceforge.net/
Justin
Updated on September 18, 2022
Comments
-
Justin almost 2 years
Possible Duplicate:
Preventing brute force attacks against ssh?

We have approximately 20 internet-connected virtual machines, and just noticed that hackers are trying to brute force SSH port 22. They are trying common usernames (root, mysql, admin) and dictionary attacks.
We know one counter-measure is to run SSH on a different port, but that is not an option (must run on 22). Also, we know that disallowing passwords (only public-keys) is another counter-measure, but again, we require the ability to use password authentication.
Is there a package that can ban/block an ip-address if it tries to SSH incorrectly X number of times in a given interval?
Would be optimal if it could block for say 12 hours if 5 incorrect logins in a span of 1 minute.
Thanks.
-
gWaldo over 12 years
-
-
John Gardeniers over 12 years
-1 for posting just a link.
-
chocripple over 12 years
My bad, noted :)