If you run an ssh server on your Ubuntu system, and allow password-based authentication, then you'll want to install DenyHosts. It watches the log files and blocks the IP addresses of those who fail to authenticate too many times. As always, while this article is Ubuntu oriented, the same basic procedure works on other distros.
The first step to blocking the baddies with DenyHosts is installation.
sudo apt-get install denyhosts
Once you get it installed, there is a bit to adjust in the configuration file.
sudo gedit /etc/denyhosts.conf
If they’re attacking your ssh service, they’ll probably attack every other service you run, so deny everything. Remove the hash, or pound sign, from the beginning of BLOCK_SERVICE = ALL and add one to the beginning of BLOCK_SERVICE = sshd.
Scroll down to the DAEMON SYNCHRONIZATION section. Enable synchronization with the main server. This tells your computer what other baddies are up to no good, and lets you report the ones who attack your machine.
You’re pretty much done now. Just save the configuration file, close the editor and restart the denyhosts daemon.
sudo /etc/init.d/denyhosts restart
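To see what the BLOCK_SERVICE choice changes, here is a simplified model of the log watching described above. It is an added example, not DenyHosts' own code: the log lines are constructed, and the function names, the threshold of 3 and the allowed parameter are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample of /var/log/auth.log lines (documentation-range addresses).
SAMPLE_LOG = """\
Mar  3 10:01:11 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:14 host sshd[811]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
Mar  3 10:01:19 host sshd[812]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar  3 10:02:02 host sshd[820]: Failed password for alice from 198.51.100.23 port 51514 ssh2
Mar  3 10:02:09 host sshd[820]: Accepted password for alice from 198.51.100.23 port 51514 ssh2
Mar  3 10:03:30 host sshd[833]: Failed password for invalid user oracle from 203.0.113.7 port 40131 ssh2
"""

# Matches failed password attempts for both existing and non-existent accounts.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) "
)


def failed_counts(log_text):
    """Count failed sshd password attempts per source IP."""
    matches = map(FAILED.search, log_text.splitlines())
    return Counter(m.group(1) for m in matches if m)


def deny_lines(log_text, threshold=3, block_service="ALL", allowed=()):
    """Return hosts.deny entries for IPs at or above the threshold.

    block_service mirrors the BLOCK_SERVICE setting: "sshd" blocks only ssh,
    "ALL" blocks every TCP-wrapped service. `allowed` is a hypothetical
    allow-list so your own addresses are never written to hosts.deny.
    """
    counts = failed_counts(log_text)
    return [
        f"{block_service}: {ip}"
        for ip, n in sorted(counts.items())
        if n >= threshold and ip not in allowed
    ]


if __name__ == "__main__":
    for service in ("sshd", "ALL"):
        print(service, "->", deny_lines(SAMPLE_LOG, block_service=service))
```

The single mistyped password from 198.51.100.23 stays under the threshold, so only the repeat offender ends up in the deny list.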

