New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Software protection against bruteforce attack (ssh, etc.)
ngstargate
Member
Software protection against bruteforce attack (ssh, etc.)
What do you use?
Share your opinions and recommendations.
Comments
fail2ban works great for me
ConfigServer Security & Firewall
Yeah it even bans myself Luckily I'm not the only one with access and/or working on things.
DenyHost works better than Fail2ban
Fail2ban works nicely for me.
DenyHosts will only watch your SSH service. If you need it to protect other services as well, Fail2ban is definitely a better choice.
CSF/LFD
I am pretty sure I have seen port monitoring option for denyhost.
Depending on how much resources you have / can dedicate. You can go all tinfoil hat and do CSF/LFD + Fail2ban + Denyhosts. You just have to send blocks to CSF only, or you will have trouble. For Example Fail2Ban:
edit /etc/fail2ban/action.d/csf-ip-deny.conf:
and in jail.conf:
If you want to go truly crazy and watch your server choke:
edit /etc/csf/csf.blocklists and uncomment any /all lists.
Project Honey Pot Directory of Dictionary Attacker IPs;
Details: http://www.projecthoneypot.org
HONEYPOT|86400|0|http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1
C.I. Army Malicious IP List;
Details: http://www.ciarmy.com
CIARMY|86400|0|http://www.ciarmy.com/list/ci-badguys.txt
BruteForceBlocker IP List;
Details: http://danger.rulez.sk/index.php/bruteforceblocker/
BFB|86400|0|http://danger.rulez.sk/projects/bruteforceblocker/blist.php
Emerging Threats - Russian Business Networks List;
Details: http://doc.emergingthreats.net/bin/vie/Main/RussianBusinessNetwork
RBN|86400|0|http://rules.emergingthreats.net/blockrules/rbn-ips.txt
OpenBL.org 30 day List;
Details: http://www.openbl.org
OPENBL|86400|0|http://www.us.openbl.org/lists/base_30days.txt
Autoshun Shun List;
Details: http://www.autoshun.org/
AUTOSHUN|86400|0|http://www.autoshun.org/files/shunlist.csv