Ban brute-force SSH attacks

21 March 2007

I picked up on a post over at Michele’s Blog giving some good advice on stopping brute-force SSH attacks against your dedicated server.

I get a daily log report emailed from my server and am normally too overwhelmed with the sheer number of brute-force login attempts to even bother reading the rest of the log summary.

However, with Michele’s suggestion I have successfully implemented Fail2Ban on my CentOS box and am now happy to see repeat offenders being banned for 15 minutes at the iptables level.

Another step I took before this was to switch my server to key-based authentication only and refuse any password attempts, which was thwarting any attempt to actually log in but still generating a lot of log noise.

Today my emailed log file was big enough to fit onto one screen, hurrah! Thanks for the tip, Michele :)

