[BlueOnyx:01655] Re: Slammed with Spammer
Greg Kuhnert
greg.kuhnert at theanchoragesylvania.com
Sun Jul 12 13:22:12 -05 2009
*---------- Original Message -----------*
From: Alan Kline <alan at snugglebunny.us>
To: BlueOnyx General Mailing List <blueonyx at blueonyx.it>
Sent: Sat, 11 Jul 2009 19:36:31 -0500
Subject: [BlueOnyx:01650] Re: Slammed with Spammer
> I've been very pleased with DenyHosts since Chris Gebhardt turned me on to it.
> It's a nice Python script. Essentially, I run it as a cron job every 10
> minutes. It scans the secure log file. When it detects a certain number of
> attempts to login through ssh by invalid users, bad passwords, or whatever,
> it'll automatically add that IP to your hosts.deny file. It also can be set
> to exchange info with other machines running DenyHosts. You can configure
> the number of failed attempts before it acts, and set it to block ssh or
> all services.
>
>
> Paul wrote:
>
> > Michael/Jeff/Jim/Larry,
> >
> > Many thanks to you all - Applied the iptables and /etc/hosts.deny and
> > all has now stopped from that particular source.
> > Have also removed the "user" in question... Interestingly enough, on an
> > unused site....
>
Chuck Tetlow wrote:
> Sounds like a very handy tool.
>
> I'm safe as far as SSH is concerned, I've got that port and Telnet
> blocked at my front-door router. But I'm sick of hacking attempts via
> FTP, POP3, and SMTP auth. And just as our earlier friend - I've had
> many instances of someone guessing passwords (usually stupid stuff
> like username "info" and password "info").
Compass Networks produces two free tools that will help out with the
above. Firstly, we produce a pkg file install of Denyhosts. Instead of
running as a cron task, our package starts Denyhosts as a daemon that is
always watching for SSH hacking bad-guys.
We also produce a totally home-grown solution to monitor for assorted
authentication failures, as well as a few of the common http attacks.
Once detected, the source IP is temporarily blocked for these badguys as
well.
Further details are available at
http://www.compassnetworks.com.au/?page=denyhosts
and
http://www.compassnetworks.com.au/?page=dfix
Regards,
--
+---------------------------------------------------------------------+
| / \ Greg Kuhnert, gkuhnert at compassnetworks.com.au |
| < o > Compass Networks - Pointing you in the right direction |
| \ / Come see us for BlueQuartz / BlueOnyx modules & Support. |
+---------------------------------------------------------------------+
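
The log-scanning behaviour described in the quoted message (scan the secure log, count failed ssh logins per source IP, add offenders to hosts.deny after a configurable threshold, for ssh or all services), as an added example that is not DenyHosts' own code and not part of the original thread. The function names, the allowlist parameter and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the style of /var/log/secure (not from the thread).
# Line 3 carries a username crafted to contain a second "from <ip>".
SAMPLE_LOG = """\
Jul 11 19:01:02 host sshd[2101]: Failed password for invalid user info from 203.0.113.7 port 4011 ssh2
Jul 11 19:01:05 host sshd[2103]: Failed password for root from 203.0.113.7 port 4012 ssh2
Jul 11 19:01:09 host sshd[2105]: Failed password for invalid user x from 192.0.2.99 port 22 ssh2 from 203.0.113.7 port 4013 ssh2
Jul 11 19:02:00 host sshd[2110]: Failed password for alan from 198.51.100.20 port 5100 ssh2
Jul 11 19:02:30 host sshd[2112]: Accepted password for alan from 198.51.100.20 port 5101 ssh2
"""

# Anchored at end of line: sshd logs the client-supplied username verbatim,
# so only the final "from <ip> port <n>" is the real peer address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\S+) port \d+(?: ssh\d?)?$"
)

def failed_counts(log_text):
    """Count failed ssh password attempts per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # logged a hostname or junk, not an IP literal
        counts[ip] += 1
    return counts

def deny_entries(log_text, threshold=3, service="sshd", allow=(), existing=""):
    """Return new hosts.deny lines ("sshd: ip" or "ALL: ip") for IPs at or
    over the threshold, skipping allowlisted and already-listed addresses."""
    already = set(re.findall(r"^\s*\S+:\s*(\S+)", existing, re.M))
    skip = already | set(allow)
    return [f"{service}: {ip}"
            for ip, n in sorted(failed_counts(log_text).items())
            if n >= threshold and ip not in skip]

if __name__ == "__main__":
    print("\n".join(deny_entries(SAMPLE_LOG)))
```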