[PLUG] Login control
Carlos Konstanski
ckonstanski at pippiandcarlos.com
Thu Dec 11 16:42:07 UTC 2008
On Thu, 11 Dec 2008, ron at tymeless-tech.com wrote:
> Date: Thu, 11 Dec 2008 06:49:28 -0800 (PST)
> From: ron at tymeless-tech.com
> Reply-To: "General Linux/UNIX discussion and help; civil and on-topic"
> <plug at lists.pdxlinux.org>
> To: plug at lists.pdxlinux.org
> Subject: [PLUG] Login control
>
> Greetings all,
>
> Is it possible to block an IP after three attempts to login to a server???
>
> I have a server that I use to host websites for my clients and every once
> in a while, someone will try to bring it down or at least gain access to
> it via a brute force attack. Thus, I would like to simply only allow three
> attempts from any one IP address. Once they have failed, block the IP
> permanently.
>
> Any thoughts???
>
> With regards,
> Ron
Denyhosts does exactly this! It's a perl script that runs as a daemon
from /etc/init.d. It puts IP addresses into hosts.deny after the
configured number of failed login attempts.
I like to go a step further, and disallow password authentication
entirely. On my public-facing server, I must use authorized keys. I
still run denyhosts though, using ssh as a honeypot to attract the
undesirables of the internet, for the same people might try to attack
other services as well.
Carlos
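
An added sketch of the threshold logic described in the reply above; it is not DenyHosts's own code and not part of the original message. It counts failed sshd password attempts per source address in constructed sample log lines and produces hosts.deny entries; the log format, function names and threshold value are assumptions.

```python
import re
from collections import Counter

THRESHOLD = 3  # assumed: failed attempts after which an address is denied

# Constructed sample sshd log lines (documentation address ranges), not real data.
SAMPLE_LOG = """\
Dec 11 06:01:02 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 11 06:01:05 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Dec 11 06:01:09 web1 sshd[2104]: Failed password for root from 203.0.113.7 port 40115 ssh2
Dec 11 06:02:30 web1 sshd[2110]: Failed password for ron from 198.51.100.20 port 51844 ssh2
Dec 11 06:02:41 web1 sshd[2110]: Accepted password for ron from 198.51.100.20 port 51844 ssh2
Dec 11 06:05:00 web1 sshd[2120]: Failed password for invalid user from 192.0.2.9 from 192.0.2.55 port 2222 ssh2
"""

# Anchored at the end of the line: the user name is client-supplied text,
# so only the trailing "from <ip> port <n>" written by sshd is trusted.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from "
    r"(\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?$"
)

def failed_counts(log_text):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.strip())
        if m:
            counts[m.group(1)] += 1
    return counts

def new_deny_lines(log_text, existing_deny="", threshold=THRESHOLD):
    """Return hosts.deny lines for addresses at or over the threshold."""
    # Skip addresses that already have an sshd entry in hosts.deny.
    already = set(re.findall(r"^sshd:\s*(\S+)", existing_deny, re.M))
    return [
        f"sshd: {ip}"
        for ip, n in sorted(failed_counts(log_text).items())
        if n >= threshold and ip not in already
    ]

if __name__ == "__main__":
    print("\n".join(new_deny_lines(SAMPLE_LOG)))
```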