[wellylug] Blocking bad IPs from server

John Durham johndurh at spunge.org
Fri Feb 9 11:39:00 NZDT 2007


David Antliff wrote:
>
> Late reply, I realise.
>
> I use DenyHosts - this can result in a big list of blacklisted IP
> addresses in /etc/hosts.deny; however, it can be configured to remove
> them after a period of time. Either way, it's a useful way to stop an
> attack on a service after the first five failed attempts (too bad if
> they hit your username and password in less than five, eh?). With
> DenyHosts you have to be careful not to lock yourself out by accident,
> but you can provide always-whitelist IP addresses from known-safe
> hosts just in case.
>
> DenyHosts watches your access log for failed connection attempts.
>
> Works well - I've been running it for 6 months without any issues.
> Informal log analysis shows attempts on my SSH port have dropped
> enormously (down to about 5 attempts every 20 minutes, always from a
> new IP address, rather than an almost constant stream).
>
> The value isn't so much in the final black-list, but the ability to
> put a stop to the attack very quickly.
>
I must look into that, thanks. It seems to have plenty of potential.

-- 
Regards, John Durham <http://modecideas.com/contact.html?sig>
Fax/Phone 64 4 5286786
Award winning web site at http://modecideas.com?sig
Server hosted on Ubuntu 4.10
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Good advice is like good paint- it only works if applied. 
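
Added example, not part of the original message and not DenyHosts' own code: a sketch of the behaviour described in the quoted text, counting failed SSH logins per address, blocking at the fifth failure, skipping always-whitelisted hosts and dropping blocks after a period. The log layout, the 7-day purge period, the function names and the sample lines are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log layout: ISO timestamp, host, then sshd's "Failed password" message.
FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def _lines(ip, count, day):
    """Build constructed failed-login lines, one second apart."""
    return [f"{day}T11:00:{i:02d} host sshd[411]: Failed password for root "
            f"from {ip} port 4022 ssh2" for i in range(1, count + 1)]

# Constructed sample log (documentation-range addresses), not real traffic.
SAMPLE_LOG = "\n".join(
    _lines("203.0.113.7", 6, "2007-02-09")      # over the threshold
    + _lines("198.51.100.20", 4, "2007-02-09")  # under the threshold
    + _lines("192.0.2.10", 7, "2007-02-09")     # known-safe host
    + _lines("203.0.113.99", 5, "2007-01-01")   # old block, due for removal
    + ["2007-02-09T11:05:00 host sshd[412]: Accepted password for john "
       "from 192.0.2.10 port 4100 ssh2"]
)

def blocked_ips(log_text, now, threshold=5, allow=(), purge_after=timedelta(days=7)):
    """Return {ip: time of the failure that reached the threshold}."""
    allow_nets = [ipaddress.ip_network(a) for a in allow]
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # malformed address field: ignore rather than block
        if any(ip in net for net in allow_nets):
            continue  # allowlisted hosts are never counted
        failures[ip].append(datetime.fromisoformat(m.group(1)))
    blocked = {}
    for ip, times in failures.items():
        times.sort()
        if len(times) >= threshold and now - times[threshold - 1] < purge_after:
            blocked[str(ip)] = times[threshold - 1]
    return blocked

def hosts_deny_lines(blocked):
    """Render entries in TCP wrappers hosts.deny syntax."""
    return [f"sshd: {ip}" for ip in sorted(blocked)]
```

Running it without the `allow` argument shows the lock-out risk mentioned in the quoted text: the known-safe host's own failed logins put it on the list.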