coding, security

Preventing SSH Brute Force Attacks

I’ve been looking for a way to prevent ssh brute force attacks. Although they are not particularly dangerous if you have prohibited password login (which you should have done under any circumstances), they had been spamming my log files. Asking the almighty search engine for relief, I found a number of interesting articles about attack blocker, such as DenyHost.

I’ve just installed the package on my private OsX server via MacPorts. However, it took me a while until I found the installation location of all required files. After having touched /etc/hosts.deny (the file used by denyhosts to store suspicious ips for tcp_wrappers to block them), copied /opt/local/share/denyhosts/denyhosts.cfg-dist to somewhere reasonable (e.g. /etc/denyhosts.cfg), modified it to my needs (added E-Mail etc.), I was able to test start DenyHost with:

sudo /opt/local/Library/Frameworks/Python.framework/Versions/2.6/bin/denyhosts.py --config=/etc/denyhosts.cfg

I’ve got a nice email telling me that, deducing from my /var/log/secure.log some IPs were now added to hosts.deny. Furthermore, some interesting data have been stored in /opt/local/share/denyhosts/data.

However, I prefer DenyHost to be running in daemon mode and to synchronize with data collected from the cloud, so I inserted  SYNC_SERVER = http://xmlrpc.denyhosts.net:9911 into denyhosts.cfg and started DenyHost with some additional options:

sudo /opt/local/Library/Frameworks/Python.framework/Versions/2.6/bin/denyhosts.py --config=/etc/denyhosts.cfg --sync --daemon

And now I feel much more comfortable now.

Related Links:

Advertisements
Standard

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s