Blocking SSH Brute Force Attacks


Recently I’ve noticed several word book attacks on usernames using SSH. Using this script and iptables/at you can block them when there have been more than 10 failed attempts from an IP.

If there has been no attempted login within an hour, the IP is removed and has 10 attempts again.

If a login is successful, the IP is also removed.

If you do not have a logrotate mechanism in place, simply start ./block.pl. Otherwise, start it like this:

    # while : ; do ./block.pl ; done

This ensures that it restarts after a log has been moved away.
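
The rules above (more than 10 failures blocks an IP; an hour without attempts or a successful login clears it), replayed over constructed sshd log lines. This is an added example, not the block.pl script from this page. The name process, the assumed log line format and year, and the ("block", ip) / ("unblock", ip) tuples standing in for the iptables/at calls are assumptions; expiry is evaluated when the next log line arrives rather than by a scheduled job.

```python
import re
from datetime import datetime, timedelta

MAX_FAILURES = 10                  # block once an IP has more than 10 failures
QUIET_PERIOD = timedelta(hours=1)  # forget an IP after an hour without attempts

# Greedy ".*" makes the match use the last "from <addr> port <n>" on the line,
# i.e. the part sshd appends, not text inside the client-supplied username.
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<event>Failed|Accepted) \S+ for .* "
    r"from (?P<ip>[0-9A-Fa-f.:]+) port \d+")

def process(lines, year=2024):
    """Replay auth-log lines; return (actions, failure counts still tracked)."""
    state, blocked, actions = {}, set(), []   # state: ip -> (count, last_seen)

    def forget(ip):
        state.pop(ip, None)
        if ip in blocked:
            blocked.discard(ip)
            actions.append(("unblock", ip))   # stands in for removing the rule

    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is assumed
        now = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        for ip in [i for i, (_, last) in state.items() if now - last >= QUIET_PERIOD]:
            forget(ip)
        ip = m["ip"]
        if m["event"] == "Accepted":
            forget(ip)
            continue
        count = state.get(ip, (0, now))[0] + 1
        state[ip] = (count, now)
        if count > MAX_FAILURES and ip not in blocked:
            blocked.add(ip)
            actions.append(("block", ip))     # stands in for adding a DROP rule
    return actions, {ip: c for ip, (c, _) in state.items()}

# Constructed sample log (documentation address ranges), not real traffic.
SAMPLE = [f"Jan 10 03:14:{s:02d} host sshd[811]: Failed password for invalid user "
          f"admin from 203.0.113.5 port 4{s:03d} ssh2" for s in range(11)] + [
    "Jan 10 03:20:00 host sshd[812]: Failed password for root from 198.51.100.7 port 5000 ssh2",
    "Jan 10 03:21:00 host sshd[813]: Accepted password for alice from 198.51.100.7 port 5001 ssh2",
    "Jan 10 04:30:00 host sshd[814]: Failed password for bob from 192.0.2.9 port 6000 ssh2"]
```

Calling process(SAMPLE) returns the block and later unblock of 203.0.113.5, plus the one failure still counted for 192.0.2.9.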
