Thursday, September 23, 2010

Banning IP Addresses

Running an SSH server on an open public port attracts attacks.

If you have disabled password login then the attacks shouldn't be that successful, but they do fill your logfiles with records of every attempt.

This is both amusing and a nuisance.

Once you're bored of watching,

$sudo apt-get install fail2ban

fail2ban is a general security thingy, but the default installation on Ubuntu is set up to watch for unsuccessful ssh connections. Too many from an IP address, and the IP address gets banned for a while.

So now your attack logs should grow more slowly.

Thanks Gareth!

No comments:

Post a Comment