Login or Register to Ask a Question and Join Our Community


BSD

Deny logon for x hours if login failed x times

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems BSD Deny logon for x hours if login failed x times
# 1  
Old 10-31-2008
Deny logon for x hours if login failed x times
Hello,

I have a small inquiry.
Sometimes, my good friend, Charlie Root, sends me security notifications that a possible breakin attempt has occured. It looks like this:

Oct 29 06:58:17 cigva sshd[<random port>]: reverse mapping checking getaddrinfo for 180.144.164.220.broad.sm.yn.dynamic.163data.com.cn [220.164.144.180] failed - POSSIBLE BREAK-IN ATTEMPT!

(goonet.info is probably the worst culprit yet on my system with downright spamming).

As far as I can see, that connection is not one I'd want to allow. I do not recognize any of the IP adresses above. My system rejects it but I would like to add a bit extra to help get rid of these would-be hackers.

Does any of you know what people are actually trying to do? Are they scanning for SSH connections to abuse or...?

Is it possible to either:

1. Prevent this from being able to be done every second (i.e. increase it to a 10 seconds delay between the attempts on <whatever he is doing>?

2. Can you deny logon for specified time from a given IP if several login attempts from that IP is made (ex. >= 3 failed)?

Thanks,
Klaus Smilie
Last edited by brightstorm; 10-31-2008 at 11:44 PM..
# 2  
Old 11-03-2008
What are your firewall settings?
# 3  
Old 11-03-2008
Have a look at Fail2ban.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

Dynamically ban ip after failed login

Hello, I need some help with network/firewall settings in Solaris 11.3. What I want to achieve is that if someone tries to log in to my server and fails I want that IP to be banned for some time. So if a computer/user tries to login to my ssh-server on a specified port (normally 22) and... (2 Replies)
Discussion started by: Zorken
2 Replies

2. Shell Programming and Scripting

Limit a user's login prompt upon logon

Hey Am new to scripting in aix 5.3 I need to write a script to limit a user's logon prompt to an interactive menu based upon logon and nothing else. Any ideas much appreciated. :wall: (4 Replies)
Discussion started by: mills
4 Replies

3. UNIX for Advanced & Expert Users

System call failed with 127 .. after 500 times when called in loop

Hi Experts, I have a code like this. ===== #include.... int main() { int count = 0; while(1){ printf("\n Interation number is: %d \n ",count); rv = system(" test.sh > log.txt " ); if (-1 == rv) { printf("Could not generate static log: error... (12 Replies)
Discussion started by: binnyjeshan
12 Replies

4. Solaris

Console Login Failed..

Dear Unix Team, This is sudhansu once again. I need some tips on below issue. Sometimes we got calls from customer that their console got hangged means they are not able to access the server through console ip. in that case "resetsc -y" will resolve the issue. 2. But couple of days... (2 Replies)
Discussion started by: sudhansu
2 Replies

5. Solaris

FTP login failed.

Hi guys, Can you please help me. I have SUN V100 server running solaris 8. I also have a Redhat Linux 6.2 machine and a windows XP machine on the network. I'm trying to copy files from the Linux and XP machines to the V100 server. When I try to ftp to the solaris machine, I'm challenged... (2 Replies)
Discussion started by: Stin
2 Replies

6. Solaris

Deny root remote login help

I'm attempting to deny a user's ability to login as root through any remote means - ie telnet or ssh. I've read most of the threads that I can find on this site and I've looked at BigAdmin on Sun's site. I have done what has been suggested here and on BigAdmin which is to make sure that the line... (5 Replies)
Discussion started by: gonzotonka
5 Replies

7. Solaris

Last Failed Login

Hi, Would appreciate it if someone could shed me some light here as I'm yet to find any related information in this forum with regards to my problem. Basically, I would like to display "Last Unsuccessful login" information when a user successfully logs-in to the system. I can't seem to find... (2 Replies)
Discussion started by: gilberteu
2 Replies

8. Shell Programming and Scripting

Help script for login times

I am new to shellscript . PLease help me how can I write the following script. $ who ray pts/0 aug 31 01:18 ( 65.169.28.200 ) ray pts/1 sep 2 02:28 ( 65.169.28.200 ) bob pts/3 sep 2 02:31 ( 65.169.28.201 ) when run the command who |./ script , the script should... (3 Replies)
Discussion started by: LAY
3 Replies

9. AIX

Number of login times

Hi! I'm currently using AIX 4.3 and would like to know where can i find to see that there's a restriction on the number of login times a user can have. Example, I want to see whether user A has only 1 login while user B can have 2 logins (without logging off the first one). Would I be able to... (7 Replies)
Discussion started by: ftengcheng
7 Replies

10. UNIX for Dummies Questions & Answers

How to block the IP after many times fail login?

Hi, there. I am using Red Hat 9 to run my web server. Recently I found lots tempts from different IP addresses tried to login into my system. I am not sure if they are the same person or not. Since this server is only for web hosting purpose for couple of my friends and myself, so it is very easy... (2 Replies)
Discussion started by: HOUSCOUS
2 Replies
Login or Register to Ask a Question