R'twick Niceorgaw wrote:
Hi all,
Recently I'm receiving a lot of failed ssh login attempts on my box for
user root as well as a whole lot of other users which don't even
exist. I'm getting tired of blocking these IPs manually every day.
Is there any software that can look in the logs and put these IPs in
iptables to drop automatically (either in a daemon mode or via cron)?

TIA
-R'twick

Sorry, should have looked before posting!

I don't block any more, no point. The IPs change so frequently, I have never seen the same IP in any multiple attempts.

But if you want to use that code, it will search the message logs for Invalid users and add them to a blacklist. You should create the chain first, and call it from your INPUT chain.

/sbin/iptables -N BLACKLIST
/sbin/iptables -I INPUT 1 -p TCP --dport 22 -j BLACKLIST

Just call it from cron whenever is suitable for you. If you start getting iptables resource unavailable errors, remove the zcat lines, so that it is only searching the current log file.

Better than having to run this code, run your SSHD daemon on a non-standard port, such as 222, the scans will stop immediately.


Thanks

Michael

--
gentoo-user@gentoo.org mailing list
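
The log-to-blacklist step described in the reply above, as an added example (it is not the script the reply refers to, which is not included in this message). It assumes OpenSSH's "Invalid user NAME from ADDR" log line; the threshold, the allowlist, the function names and the sample log are all assumptions made here.

```shell
#!/bin/sh
# Added example, not the script mentioned in the thread. It only prints rules.
# Assumed names: THRESHOLD, ALLOWLIST, offending_addrs, print_rules, SAMPLE_LOG.
THRESHOLD="${THRESHOLD:-3}"          # "Invalid user" lines needed before listing
ALLOWLIST="${ALLOWLIST:-127.0.0.1}"  # space-separated addresses never listed

# Read sshd log lines on stdin; print each offending IPv4 address once, sorted.
offending_addrs() {
    awk -v min="$THRESHOLD" -v allow="$ALLOWLIST" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        /sshd\[[0-9]+\]: Invalid user / {
            # The user name is chosen by the client and may itself contain
            # "from ADDR", so trust only the last "from" on the line.
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            # Accept strict dotted-quad IPv4 only; anything else is ignored.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(ip, o, "."); ok = 1
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
            if (ok && !(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | sort
}

# Turn addresses on stdin into rules that are safe to re-run from cron:
# -C checks for an existing rule so the chain does not fill with duplicates.
print_rules() {
    while read -r ip; do
        r="BLACKLIST -s $ip -j DROP"
        echo "/sbin/iptables -C $r 2>/dev/null || /sbin/iptables -A $r"
    done
}

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE_LOG='Jan 10 03:12:01 box sshd[4101]: Invalid user admin from 203.0.113.7
Jan 10 03:12:04 box sshd[4103]: Invalid user test from 203.0.113.7
Jan 10 03:12:09 box sshd[4107]: Invalid user oracle from 203.0.113.7 port 51234
Jan 10 03:15:40 box sshd[4120]: Invalid user guest from 198.51.100.9
Jan 10 03:20:11 box sshd[4131]: Invalid user x from 192.0.2.1 from 198.51.100.23
Jan 10 03:20:13 box sshd[4133]: Invalid user x from 192.0.2.1 from 198.51.100.23
Jan 10 03:20:15 box sshd[4135]: Invalid user x from 192.0.2.1 from 198.51.100.23'

printf '%s\n' "$SAMPLE_LOG" | offending_addrs | print_rules
```

Feed the current log to offending_addrs on stdin in place of the sample, put your own management addresses in ALLOWLIST, and review the printed rules before running them as root.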


