Hello All, I had problems with the security server, the server is frequently attacked using bruteforce attacks. Is there an application that can perform automatic blocking when there are failed login to the ports smtp, pop3 port, and others?
I am currently using CentOS 5.5 in some servers Thanks in advanced.......
This is very simple and works great. Have done it on about 5 servers now.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j LOG --log-prefix 'SSH attack: '
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP
http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_wit...
Matt