This blog is intended to collect information on my various interests and to pen my opinion on the information gathered. It is not intended to educate anyone on the information posted, but readers are most welcome to share their views on it.
Wednesday, June 15, 2011
Block brute force attacks using DenyHosts
Check your /var/log/auth.log file. In this file you may see that some unauthorized user is constantly trying to access your system using a brute force attack: a script that tries to log in again and again with different passwords. We can block this using a simple iptables rule.
Step 1: Install the DenyHosts tool on your system.
apt-get install denyhosts
Step 2: Configure the /etc/denyhosts.conf file based on your requirements
* Configure this file to analyze the log file
SECURE_LOG = /var/log/auth.log (default)
DENY_THRESHOLD_INVALID = 3 (blocks a host after this number of failed login attempts for invalid user names)
DENY_THRESHOLD_VALID = 5 (blocks a host after this number of failed login attempts for valid user names)
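To see what these two thresholds mean against real log lines, here is an added Python example (not part of the original post and not DenyHosts' own code) that counts failed SSH logins per host in auth.log-style lines and lists the hosts that would be blocked. It assumes OpenSSH's "Failed password" message format and that a host is blocked once its count exceeds the threshold; the names hosts_to_deny, make_line and SAMPLE_LOG are hypothetical, and the log lines are constructed.

```python
import re
from collections import Counter

# Thresholds as set in the configuration above.
DENY_THRESHOLD_INVALID = 3
DENY_THRESHOLD_VALID = 5

# OpenSSH "Failed password" message. The pattern is anchored at the end of the
# line and the user group is greedy, so the host is always the last
# "from <host> port <n> ssh2" that sshd wrote, never text inside a user name.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<host>\S+) port \d+ ssh2\s*$"
)

def hosts_to_deny(lines):
    """Return (sorted hosts over a threshold, invalid counts, valid counts)."""
    invalid, valid = Counter(), Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            (invalid if m.group("invalid") else valid)[m.group("host")] += 1
    # Assumption: a host is blocked once its count exceeds the threshold.
    denied = {h for h, n in invalid.items() if n > DENY_THRESHOLD_INVALID}
    denied |= {h for h, n in valid.items() if n > DENY_THRESHOLD_VALID}
    return sorted(denied), invalid, valid

def make_line(sec, user, host, invalid=False):
    """Build one constructed auth.log line (sample data, not a real log)."""
    who = ("invalid user " if invalid else "") + user
    return (f"Jun 15 10:00:{sec:02d} web1 sshd[2101]: "
            f"Failed password for {who} from {host} port 40022 ssh2")

# Constructed sample: documentation-range addresses, made-up user names.
SAMPLE_LOG = (
    [make_line(i, "admin", "203.0.113.10", invalid=True) for i in range(4)]
    + [make_line(10 + i, "alice", "198.51.100.7") for i in range(5)]
    + [make_line(20 + i, "deploy", "192.0.2.44") for i in range(6)]
    + ["Jun 15 10:00:40 web1 sshd[2101]: Accepted password for alice "
       "from 198.51.100.7 port 40022 ssh2"]
)

if __name__ == "__main__":
    denied, invalid, valid = hosts_to_deny(SAMPLE_LOG)
    for host in denied:
        print(f"would deny {host}: invalid={invalid[host]} valid={valid[host]}")
```

In the sample, the host with five failures for a valid account stays just under the limit, while four failures for a nonexistent account are already enough to be listed.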