Thursday, May 03, 2007

hosts.deny file


I described last week how many (zombie) computers are attempting to gain unauthorized access to my server via the open SSH port. Though I haven't been able to configure my iptables firewall as per my wishes, here's a temporary fix:

This guy has released his hosts.deny file to the public, so that we can ban these bad guys. Just copy it to your /etc/ directory (overwriting the existing hosts.deny file) and restart your network or computer. It'll start working straightaway.

Additionally, here is a very nice and easy tutorial about installing denyhosts, an automated program which scans your logs for multiple unauthorized login attempts, and bans those hosts from accessing your computer.

To install Denyhosts on Ubuntu:
sudo apt-get install denyhosts

The default installation of Denyhosts in Ubuntu comes with reasonably secure default settings. It also adds a daemon at startup! Since it is a zero-configuration daemon, I recommend it over fail2ban (which does require configuration by hand in Ubuntu).
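
The core of what a log scanner of this kind does, as an added example (not Denyhosts' own code and not from the original post): count failed SSH password attempts per source address and emit hosts.deny entries for repeat offenders. The sample log lines, the threshold of 3 and the allow list are assumptions made for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample in the style of OpenSSH lines in /var/log/auth.log
# (addresses are from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
May  3 04:11:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
May  3 04:11:05 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
May  3 04:11:09 host sshd[2105]: Failed password for invalid user oracle from 203.0.113.7 port 40138 ssh2
May  3 04:12:40 host sshd[2110]: Failed password for alice from 198.51.100.20 port 51515 ssh2
May  3 04:12:55 host sshd[2110]: Accepted password for alice from 198.51.100.20 port 51515 ssh2
May  3 04:13:01 host sshd[2120]: Failed password for invalid user x from 192.0.2.1 port 22 ssh2 from 192.0.2.99 port 4000 ssh2
"""

# The user name is supplied by the remote client and may contain spaces, so
# the address is taken from the end of the line, not from the first " from ".
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")


def failed_sources(log_text):
    """Count failed password attempts per source IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            counts[str(ip_address(match.group(1)))] += 1
        except ValueError:
            continue  # not an IP literal; never write unvalidated text to hosts.deny
    return counts


def deny_lines(log_text, threshold=3, allow=()):
    """Return hosts.deny entries for sources at or above the threshold."""
    allowed = {str(ip_address(a)) for a in allow}
    return [
        f"sshd: {ip}"
        for ip, n in sorted(failed_sources(log_text).items())
        if n >= threshold and ip not in allowed
    ]


if __name__ == "__main__":
    print("\n".join(deny_lines(SAMPLE_LOG, allow=["198.51.100.20"])))
```

The allow list keeps an address you log in from yourself out of the ban list, so a few mistyped passwords cannot lock you out of your own server.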

1 comment:

Dunc said...

Thanks for this. I was looking for something entirely different, but this made me think, and take a look at my logs. My logs were jammed full of attacks. Now I have this script up and running and will probably go back to my 'ignorance is bliss' mentality.