[CentOS] [WTA] Automatically blocking on failed login

Mon May 24 18:48:54 UTC 2010
Matt <lm7812 at gmail.com>

> Hello All,
> I had problems with the security server, the server is frequently attacked
> using bruteforce attacks. Is there an application that can perform automatic
> blocking when there are failed login to the ports smtp, pop3 port, and
> others?
>
> I am currently using CentOS 5.5 in some servers
> Thanks in advanced.......

This is very simple and works great.  Have done it on about 5 servers now.

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
--set --name SSH

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
--update --seconds 60 --hitcount 3 --rttl --name SSH -j LOG
--log-prefix 'SSH attack: '

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
--update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP

http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/

Matt