Using SSHBlack.pl for a smokeless server
When I recently checked my logs for this server I was greeted by an endless list of lines containing:
[sshd] Failed password for illegal user student from 204.11.235.142 port 50208 ssh2
[sshd] Illegal user student from 204.11.235.142
[sshd] Failed password for illegal user student from 204.11.235.142 port 50339 ssh2
[sshd] Illegal user student from 204.11.235.142
Even though my password is of the ‘hard to brute-force’ variety, this still isn’t a situation you want happening on a constant basis. It makes the server give off smoke, and when the smoke gets out of the computer, it stops responding.
The solution is SSHBlack, which works as a log-analyzing daemon that scans for failed login attempts. After a preset limit of failed attempts, it blocks the IP address from connecting for a set duration (in my case, forever).
I get about 4 blacklisted IPs a day now, and server activity is much lower.
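The approach described above (count failed logins per source address and block once a limit is reached), sketched as an added example; this is not SSHBlack's code and not from the original post. The threshold, time window, allowlist parameter, timestamps and the last two sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque

# Matches the "Failed password" lines shown in the post. The username is
# remote-supplied text, so the pattern is anchored at the end of the line and
# the greedy user group makes the address sshd wrote last the one that counts.
FAILED = re.compile(
    r"Failed password for (?:illegal user |invalid user )?(.*)"
    r" from (\S+) port (\d+) ssh2$")

def parse_failure(line):
    """Return the source IP of a failed-login line, or None."""
    m = FAILED.search(line.rstrip())
    if not m:
        return None  # the paired "Illegal user ..." line is skipped: one count per attempt
    try:
        return str(ipaddress.ip_address(m.group(2)))
    except ValueError:
        return None  # not a valid address, never hand it to a firewall

def find_offenders(events, max_fails=3, window=300, allowlist=()):
    """events: iterable of (unix_time, log_line). Returns IPs to block, in order."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    blocked = []
    for ts, line in events:
        ip = parse_failure(line)
        if ip is None or ip in allowlist or ip in blocked:
            continue  # allowlist keeps a mistyped admin password from locking you out
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_fails:
            blocked.append(ip)
    return blocked

# Constructed sample: first four lines are from the post, timestamps are made up.
SAMPLE = [
    (0, "[sshd] Failed password for illegal user student from 204.11.235.142 port 50208 ssh2"),
    (0, "[sshd] Illegal user student from 204.11.235.142"),
    (2, "[sshd] Failed password for illegal user student from 204.11.235.142 port 50339 ssh2"),
    (2, "[sshd] Illegal user student from 204.11.235.142"),
    (3, "[sshd] Failed password for illegal user a from 192.0.2.7 port 1 ssh2"
        " from 204.11.235.142 port 50400 ssh2"),
    (900, "[sshd] Failed password for alice from 198.51.100.9 port 40000 ssh2"),
]

if __name__ == "__main__":
    print(find_offenders(SAMPLE))
```

With a permanent block like the one used here, the allowlist is what protects your own address from a few mistyped passwords.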