Block IP after failed login attempt using iptables?
Hi,
I keep getting hundreds of SSH failed logins per day. Is there a way with iptables, i can say if a user connects too to port 22 over 8 times in 10 minuntes, then block them for an hour? I know this is possible I've seen it done, but I can't find anywhere how to do it... |
Quote:
http://rfxnetworks.com/ lsm is good too. |
Please read the sticky in this forum.
[Edit] Where this has already been discussed in detail. Any "improvements" to the suggested solutions belong there. [/Edit] |
chane the ssh port from 22 to 2222
|
Install snort with IPS facilities
it will take care of all those IPs and block them if they try with wrong password for configurable no of times. |
Try fail2ban as well. Works perfectly for this.
|
You can also check CSF +BFD which is quite commonly used in the servers we manage.
Lot of customizations can be made w.r.t Ingress and Outgress filtering, plus you can manually block/unblock an IP address using csf -d, csf -a etc. |
All times are GMT -5. The time now is 01:29 AM. |