Name                                 Modified     Size        Downloads / Week
README_ssh_brute_blocker_notes.txt   2021-05-16   945 Bytes
ssh_brute_blocker.ksh                2021-05-16   1.7 kB
seclists_org_README_POST.txt         2021-05-16   7.7 kB
Totals: 3 Items                                   10.4 kB     0

This is a very old script. Whilst I have fixed a potential security issue with it, you should
really roll your own from it if you intend to use it. There are lots of other options available these
days too, if desired.


In addition, I had a cron job which would periodically restore /etc/hosts.deny so that IP addresses
were not permanently banned in case an employee or app had guessed passwords incorrectly in quick succession.
I think I settled on 30 minutes or an hour, which was usually enough to break the automated scan
brute-force guessing processes that most attacking hosts were engaged in. It also prevented hosts.deny
growing to a ludicrous size with all the brute-force scan IPs.


There are many ways to skin this cat, and this was just one quick approach back in the day, and my
approach at the time to protect what we had without decent IPS/IDS and firewalls etc.


Thanks, and good luck out there.


Mike. 16/05/2021
Source: README_ssh_brute_blocker_notes.txt, updated 2021-05-16
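
The periodic hosts.deny reset described in the notes above, sketched as an added example; it is not part of the original README or of ssh_brute_blocker.ksh. The baseline file, the script path in the cron comment and the function name are assumptions.

```shell
#!/bin/sh
# Added example: reset hosts.deny to a known-good baseline so temporary
# bans expire and the file cannot grow without bound.
#
# Hypothetical cron entry (paths are assumptions), every 30 minutes:
#   0,30 * * * * /usr/local/sbin/restore_hosts_deny.sh /etc/hosts.deny.baseline /etc/hosts.deny

# restore_hosts_deny BASELINE TARGET
# Replaces TARGET with BASELINE atomically and prints the number of lines
# (bans added since the last reset) that were dropped. Returns non-zero and
# leaves TARGET untouched if the baseline cannot be read.
restore_hosts_deny() {
    baseline=$1
    target=$2

    [ -r "$baseline" ] || { echo "baseline $baseline not readable" >&2; return 1; }
    [ -f "$target" ] || : > "$target" || return 1

    # Lines in the live file that are not in the baseline are the entries
    # appended by the blocker. grep -c exits 1 on a zero count, hence || true.
    dropped=$(grep -Fvxc -f "$baseline" "$target" || true)

    # Build the replacement beside the target so the final mv is a rename
    # on the same filesystem; a connection checked mid-reset never sees a
    # half-written file.
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    if cat "$baseline" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$target"; then
        echo "$dropped"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Run directly as: restore_hosts_deny.sh BASELINE TARGET
if [ $# -eq 2 ]; then
    restore_hosts_deny "$1" "$2"
fi
```

Keep any permanent deny rules in the baseline file itself, since everything not in it is discarded at each reset.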