How to protect your Linux home server from automated scripts

Categories: Linux
Posted on: 25th May 2009 by: Andrei

Recently, while I was browsing through some of the FTP logs on my Ubuntu server, I noticed some unsuccessful login attempts with random usernames, spamming every few seconds.

Here are a few of the solutions I have found to keep such scripts from wasting too many of your resources:

  • Change the default ports of your services (FTP, SSH, etc.)
  • Blockhosts.py - scans system logs and looks for failed login attempts. It keeps a record of the number of times a particular IP address had a failed login. When the count exceeds a configured value, that IP address is added to /etc/hosts.allow with a deny flag, so the next time that IP address attempts to connect to that box, it will get a refused connection message.
  • Fail2ban – scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IPs that make too many password failures. It updates firewall rules to reject the IP address.
  • SSH Dictionary Attack Prevention with iptables – can also be adapted for use with other ports
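The log-scanning approach described for Blockhosts.py above, as an added sketch that is not part of the original post and is not BlockHosts' or Fail2ban's own code. The log lines are constructed in sshd and vsftpd style, and the names `count_failures`, `deny_lines`, `threshold` and `whitelist` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (sshd- and vsftpd-style); not from a real server.
SAMPLE_LOG = """\
May 25 10:00:01 home sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
May 25 10:00:04 home sshd[2102]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
May 25 10:00:07 home sshd[2103]: Failed password for root from 203.0.113.7 port 40131 ssh2
May 25 10:00:08 home sshd[2104]: Failed password for invalid user x from 192.0.2.10 from 203.0.113.7 port 40140 ssh2
May 25 10:00:09 home sshd[2107]: Accepted password for andrei from 192.0.2.10 port 51000 ssh2
Mon May 25 10:01:12 2009 [pid 3001] [oracle] FAIL LOGIN: Client "198.51.100.23"
Mon May 25 10:01:15 2009 [pid 3003] [guest] FAIL LOGIN: Client "198.51.100.23"
May 25 10:02:00 home sshd[2110]: Failed password for andrei from 192.0.2.10 port 51010 ssh2
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Both patterns are anchored at the end of the line: the username is chosen by
# the remote client, so only the trailing address written by the daemon is trusted.
FAIL_PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed password for .* from " + IPV4 + r" port \d+ ssh2$"),
    re.compile(r'FAIL LOGIN: Client "' + IPV4 + r'"$'),
]

def count_failures(log_text):
    """Return a Counter mapping source IP -> number of failed logins."""
    counts = Counter()
    for line in log_text.splitlines():
        for pattern in FAIL_PATTERNS:
            match = pattern.search(line)
            if match:
                counts[match.group(1)] += 1
                break
    return counts

def deny_lines(counts, threshold=3, whitelist=()):
    """Build hosts.allow deny entries for IPs whose count exceeds threshold.

    Whitelisted addresses (for example your own LAN hosts) are never listed.
    """
    return [f"ALL: {ip} : deny"
            for ip, failures in sorted(counts.items())
            if failures > threshold and ip not in whitelist]

if __name__ == "__main__":
    for entry in deny_lines(count_failures(SAMPLE_LOG)):
        print(entry)  # review before adding to /etc/hosts.allow
```

The fourth sample line carries a username that itself contains "from 192.0.2.10"; because the match is anchored to the end of the line, the failure is still counted against 203.0.113.7.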