How to block the IP after many times fail login?
# 1  
Old 07-28-2004

Hi, there. I am using Red Hat 9 to run my web server. Recently I found lots of attempts from different IP addresses trying to log in to my system. I am not sure if they are the same person or not. Since this server is only for web hosting purposes for a couple of my friends and myself, it is very easy to find out that other people tried to get in.

My situation is like this: I have to run ssh, but those attempts are really annoying. So could anyone show me how to block an IP address after 5 failed logins, just for a couple of hours?

Thanks in advance,

HOUSCOUS
# 2  
Old 08-04-2004
HOUSCOUS,

Good question. I typically use a VPN and don't allow outside ssh to key systems. However, it would be a simple enough exercise to author a PAM module that kept count and updated /etc/hosts.deny based on failed attempts. I'll look at it further and see how simple it would be to do.

If you log in from a predictable number of networks, you could just use a deny-all rule and then allow specific networks. You'll need to have ssh compiled to support TCP_WRAPPERS.

Cheers,

Keith
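The deny-all-then-allow layout Keith describes, written out as an added example (this is not from the thread; the networks and addresses are placeholders you would replace with the ones you actually log in from):

```text
# /etc/hosts.allow  (checked first; the first matching line wins)
sshd: 127.0.0.1
# the office network you log in from, in network/netmask form
sshd: 192.0.2.0/255.255.255.0
# a single home address
sshd: 198.51.100.17

# /etc/hosts.deny  (consulted only when nothing in hosts.allow matched)
sshd: ALL
```

Two checks before relying on this: comments in these files must sit on their own lines (tcp_wrappers does not treat a trailing "#" as a comment, so a comment appended to a rule becomes part of the client list), and sshd only honours them if it was built with libwrap, which `ldd /usr/sbin/sshd | grep libwrap` will show. If that prints nothing, both files are silently ignored and a firewall rule is the only option.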
# 3  
Old 08-19-2004
You're probably seeing the results of this new automated ssh login tool that is discussed at length here:

http://seclists.org/lists/fulldisclo.../Jul/1109.html

I found it after I noticed many attempts from people to log in to my ssh server as either "root", "guest", "test" or "admin". The first thing I made sure was that my /etc/ssh/sshd_config had "PermitRootLogin no" and that the line was uncommented. (I'm not in the habit of ever logging in as root, even from the console - su and sudo are my friends.) Since I don't have the other 3 users on that system, there's not much to worry about from the morons who are running the ssh script.

But to get rid of the annoying attempts, I just added those IPs to a table of blocked IPs in my (OpenBSD/PF) firewall. You can use sed and awk to parse your authlog for "Failed" or "Illegal", extract the IP from those lines, and automate something like this, depending on the firewall you use... or add them to /etc/hosts.deny. But be careful when automating this; it's easy to block valid IPs using such tools too.

Last edited by dkaplowitz; 08-19-2004 at 09:42 PM..
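An added example of the automation dkaplowitz sketches, written for this page rather than taken from the thread: it counts "Failed ..." and "Illegal user ..." sshd lines per source address, adds offenders to hosts.deny, keeps an allow-list so your own networks can never be locked out (the warning above about blocking valid IPs), and expires entries after a fixed time, matching the "5 failures, a couple of hours" asked for in the original question. The threshold, duration, allow-list entries and the sample log lines are all constructed assumptions; the log format is the one OpenSSH of that era wrote to /var/log/secure. As with any hosts.deny approach, it only bites if sshd is linked against libwrap and nothing in hosts.allow matches first.

```shell
#!/bin/sh
# Added example (not from the thread): block source IPs with repeated failed
# sshd logins via /etc/hosts.deny, for a limited time, with an allow-list.
# Threshold, duration, allow-list and the sample log are all assumptions.

THRESHOLD=${THRESHOLD:-5}               # failures before an IP is blocked
BLOCK_SECONDS=${BLOCK_SECONDS:-7200}    # how long a block lasts ("a couple of hours")
ALLOWLIST=${ALLOWLIST:-"127.0.0.1 203.0.113.4"}   # addresses never to block

# Constructed sample lines in the format sshd of that era wrote to /var/log/secure.
# 10.0.0.5 fails five times, 192.0.2.9 twice, and allow-listed 203.0.113.4
# (a legitimate user mistyping a password) also fails five times.
SAMPLE_LOG='Jul 28 10:01:02 web sshd[1234]: Failed password for root from 10.0.0.5 port 4001 ssh2
Jul 28 10:01:05 web sshd[1235]: Failed password for root from 10.0.0.5 port 4002 ssh2
Jul 28 10:01:09 web sshd[1236]: Illegal user guest from 10.0.0.5
Jul 28 10:01:12 web sshd[1237]: Failed password for illegal user test from 10.0.0.5 port 4004 ssh2
Jul 28 10:01:15 web sshd[1238]: Failed password for admin from 10.0.0.5 port 4005 ssh2
Jul 28 10:02:00 web sshd[1240]: Failed password for admin from 192.0.2.9 port 5000 ssh2
Jul 28 10:02:03 web sshd[1241]: Illegal user admin from 192.0.2.9
Jul 28 10:03:00 web sshd[1250]: Accepted password for keith from 203.0.113.4 port 6000 ssh2
Jul 28 10:03:30 web sshd[1251]: Failed password for houscous from 203.0.113.4 port 6001 ssh2
Jul 28 10:03:33 web sshd[1252]: Failed password for houscous from 203.0.113.4 port 6002 ssh2
Jul 28 10:03:36 web sshd[1253]: Failed password for houscous from 203.0.113.4 port 6003 ssh2
Jul 28 10:03:39 web sshd[1254]: Failed password for houscous from 203.0.113.4 port 6004 ssh2
Jul 28 10:03:42 web sshd[1255]: Failed password for houscous from 203.0.113.4 port 6005 ssh2'

# Print each source IP with at least THRESHOLD "Failed ..." or "Illegal user ..."
# sshd lines in the log read from stdin. The IP is the word after "from".
failed_ips() {
    awk '/sshd\[[0-9]*]: (Failed|Illegal) / {
            for (i = 1; i <= NF; i++) if ($i == "from") { print $(i + 1); break }
         }' |
    sort | uniq -c |
    awk -v t="$THRESHOLD" '$1 >= t { print $2 }'
}

# Succeed if $1 is on the allow-list.
is_allowed() {
    for a in $ALLOWLIST; do
        [ "$a" = "$1" ] && return 0
    done
    return 1
}

# Read IPs from stdin and add "sshd: IP" to the deny file $1, preceded by a
# "# blocked IP EPOCH" comment line carrying the time (hosts.deny has no
# trailing-comment syntax). Allow-listed and already-blocked IPs are skipped.
block_ips() {
    bfile=$1
    now=$(date +%s)
    touch "$bfile"
    while read -r ip; do
        is_allowed "$ip" && continue
        grep -qFx "sshd: $ip" "$bfile" && continue
        printf '# blocked %s %s\nsshd: %s\n' "$ip" "$now" "$ip" >> "$bfile"
    done
}

# Remove entries from deny file $1 older than $2 seconds (default BLOCK_SECONDS),
# dropping both the "# blocked" comment and the "sshd:" rule it belongs to.
expire_blocks() {
    dfile=$1
    ttl=${2:-$BLOCK_SECONDS}
    [ -f "$dfile" ] || return 0
    awk -v now="$(date +%s)" -v ttl="$ttl" '
        /^# blocked / { if (now - $4 >= ttl) { skip = $3; next } }
        /^sshd: /     { if ($2 == skip) { skip = ""; next } }
        { print }' "$dfile" > "$dfile.tmp" && mv "$dfile.tmp" "$dfile"
}

# Run the whole thing against a temporary file instead of /etc/hosts.deny.
demo() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG" | failed_ips | block_ips "$tmp"
    echo "== $tmp after blocking (192.0.2.9 under threshold, 203.0.113.4 allow-listed):"
    cat "$tmp"
    expire_blocks "$tmp" 0
    echo "== after expiring with a ttl of 0 seconds:"
    cat "$tmp"
    rm -f "$tmp"
}
```

Call `demo` to see it work on the sample; on a real box the cron line would be along the lines of `failed_ips < /var/log/secure | block_ips /etc/hosts.deny; expire_blocks /etc/hosts.deny` every few minutes. Two things to keep in mind when doing that: the count runs over the whole file, so an address that failed five times last week is re-blocked every run until the log rotates (feed it `tail` of the file if you want a sliding window), and the allow-list is what keeps a typo-prone friend, or yourself, from being locked out.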