[CentOS] Dealing with brute force attacks

Thu May 14 16:48:33 UTC 2009
Rudi Ahlers <rudiahlers at gmail.com>

On Thu, May 14, 2009 at 5:48 PM, Bill Campbell <centos at celestial.com> wrote:

> On Thu, May 14, 2009, James B. Byrne wrote:
> >Over the weekend one of our servers at a remote location was
> >hammered by an IP originating in mainland China.  This attack was
> >only noteworthy in that it attempted to connect to our pop3 service.
>
> You might look at fail2ban which can automatically create
> iptables blocks when things like this happen.
>
> Bill
> --
> INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
> URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
> Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
> Fax:            (206) 232-9186  Skype: jwccsllc (206) 855-5792
>
> Manual, n.:
>        A unit of documentation.  There are always three or more on a
>        given item.  One is on the shelf; someone has the others.  The
>        information you need is in the others.
>                -- Ray Simard
> _______________________________________________
>

fail2ban does a good job of automatically blocking any IP which constantly
tries to login to any service with an incorrect password.

Another option, with even more control, is ConfigServer firewall (or other
firewalls), which can monitor various aspects of your network and block
unwanted users on demand.

-- 
Kind Regards
Rudi Ahlers
CEO, SoftDux Hosting
Web: http://www.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20090514/43591e60/attachment-0005.html>