Linux Today: Linux News On Internet Time.

More on LinuxToday

DenyHosts: Keep on Knocking but You Can't Come

May 25, 2011, 08:03 (1 Talkback[s])
(Other stories by Joe Brockmeier)

[ Thanks to An Anonymous Reader for this link. ]

"What's DenyHosts? It's a small utility that blocks attempts to connect to your server via SSH when there are too many failed attempts or (if you enable the feature) when a host matches a centralized list of addresses that have been making too many failed attempts to connect via SSH.

"If you've maintained a server for any amount of time, you've probably noticed a number of failed SSH login attempts in /var/log/secure, /var/log/messages, or /var/log/auth.log -- depending on which distro or *nix flavor you're using. I ran into this recently with a slew of attempts from an address that resolves to a ".kr" domain. Since I'm relatively sure I haven't been to South Korea lately and I have no colleagues or friends with access in South Korea, it's a no-brainer that the failed attempts are illegitimate."

Complete Story

Related Stories: