LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-04-2007, 12:46 AM   #1
parv
Member
 
Registered: Jul 2004
Location: USA
Distribution: Mint, Scientifc Linux, Ubuntu
Posts: 180

Rep: Reputation: 30
how to automatically block an IP after trying log in multiple times?


I have root access to a linux machine in office.
From home I need to log in to it using DHCP.
So I cannot only allow accesses from specific IP
addresses. When I check the system log, I found there
were attack attempts from different IPs. I could block
those IPs with "iptables -A INPUT -s harmful_IP -j DROP".

But I still feel unsafe even though I don't allow
root access remotely at all. So I want to know how
to automatically block an IP if there are a certain
amount of unsuccessful login attempts.

Anyone can provide a direction to look into?
Or exact procedures to follow? My linux machine is
running CentOS 4.4.

Thanks!
 
Old 03-04-2007, 01:49 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
there's actually tons of tools that do this... here's a few examples:

http://denyhosts.sourceforge.net/

http://www.fail2ban.org/

http://www.aczoom.com/cms/blockhosts/

BTW, this is a very common question... so much so that there's a sticky thread entitled "Failed SSH login attempts" at the top of this forum... not sure if you missed it or something... anyhow, like i said, the links i posted are just a few examples... if you read through the sticky or do some googling i'm sure you can find many more solutions... i hope you find one you like... good luck...
 
Old 03-04-2007, 09:37 PM   #3
parv
Member
 
Registered: Jul 2004
Location: USA
Distribution: Mint, Scientifc Linux, Ubuntu
Posts: 180

Original Poster
Rep: Reputation: 30
thanks for your help.
yeah, should have looked up similar threads a little bit more.
i tried to search first but was not sure what exactly I should
look for :-)

Quote:
Originally Posted by win32sux
there's actually tons of tools that do this... here's a few examples:

http://denyhosts.sourceforge.net/

http://www.fail2ban.org/

http://www.aczoom.com/cms/blockhosts/

BTW, this is a very common question... so much so that there's a sticky thread entitled "Failed SSH login attempts" at the top of this forum... not sure if you missed it or something... anyhow, like i said, the links i posted are just a few examples... if you read through the sticky or do some googling i'm sure you can find many more solutions... i hope you find one you like... good luck...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Want to log traceroute or ping times wkm001 Linux - Software 4 10-22-2011 06:27 AM
Konqueror opens multiple times sploit Linux - Newbie 18 07-14-2007 08:11 AM
How many times a user can log in cRacKya Linux - Security 2 02-20-2005 03:11 PM
same email, multiple times ?? (exchange... sorry) itsjustme General 1 01-14-2005 02:33 PM
running wget multiple times quickk Linux - Newbie 1 09-16-2004 06:53 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:47 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration