Name | Modified | Size | Downloads / Week |
---|---|---|---|
README_ssh_brute_blocker_notes.txt | 2021-05-16 | 945 Bytes | |
ssh_brute_blocker.ksh | 2021-05-16 | 1.7 kB | |
seclists_org_README_POST.txt | 2021-05-16 | 7.7 kB | |
Totals: 3 Items | | 10.4 kB | 0 |

This is a very old script. Whilst I have fixed a potential security issue with it, you should really roll your own from it if you intend to use it. There are lots of other options available these days if desired too.

In addition, I had a cron job which would periodically restore /etc/hosts.deny so that IP addresses were not permbanned in case an employee or app had guessed passwords incorrectly in quick succession. I think I settled on 30 minutes or an hour, which was usually enough to break the automated scan brute-force guessing processes that most attacking hosts were engaged in. It also prevented hosts.deny growing to a ludicrous size with all the brute-force scan IPs.

There are many ways to skin this cat, and this was just one quick approach back in the day, and my approach at the time to protect what we had without decent IPS/IDS and firewalls etc.

Thanks, and good luck out there.

Mike. 16/05/2021