Hi,
Recently I've discovered many attempts to login on my zoneminder server with brute force and dictionnary attacks. I've checked the /var/log/auth.log file just to copy all the unwanted hosts adresses to /etc/hosts.deny but there were way too many. On Google i've found that script: DenyHosts-1.1.4
Its a very effective python script that can configure how many failed login attempts are permitted before denying access to the specified service or services. It is very easy to install and configure, check its many features at: http://denyhosts.sourceforge.net/
Highly recommended.
Unwanted login attempts
-
zoneminder
- Site Admin
- Posts: 5215
- Joined: Wed Jul 09, 2003 2:07 pm
- Location: Bristol, UK
- Contact:
Excellent, that looks like a pretty neat tool. I might give it a play on this box (apologies if everyone gets banned all of a sudden 
)
I always try and run my ssh (and sometimes http etc) services on unusual ports anyway, just to remove the sheer amount of random attacks. If you have ssh on port 3497 and someone is attacking you on that then you know they're after you and it's not just a sweep!
)I always try and run my ssh (and sometimes http etc) services on unusual ports anyway, just to remove the sheer amount of random attacks. If you have ssh on port 3497 and someone is attacking you on that then you know they're after you and it's not just a sweep!
Phil
I'm quite lucky in that I'm the only remote user to my servers and I've got a fixed ip - for anything other than the public services I run, I can "block All but from one IP" on the adsl modem/router firewall.
I had one linux box compromised by the most embarassing way possible - an unsecured guest account, so I'm a tad paranoid now...
I had one linux box compromised by the most embarassing way possible - an unsecured guest account, so I'm a tad paranoid now...