[CentOS] [WTA] Automatically blocking on failed login
Matt
lm7812 at gmail.com
Mon May 24 18:48:54 UTC 2010
> Hello All,
> I had problems with the security server, the server is frequently attacked
> using bruteforce attacks. Is there an application that can perform automatic
> blocking when there are failed login to the ports smtp, pop3 port, and
> others?
>
> I am currently using CentOS 5.5 in some servers
> Thanks in advanced.......
This is very simple and works great. Have done it on about 5 servers now.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
--set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
--update --seconds 60 --hitcount 3 --rttl --name SSH -j LOG
--log-prefix 'SSH attack: '
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
--update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP
http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/
Matt
More information about the CentOS
mailing list