After enduing another set of SSH attacks on my poor little home server I decided I needed to do something about it. Check out DenyHosts, its a python script that blocks hosts that fail authentication multiple times, but foremost it synchronizes with a central DB of blocked hosts so you can blocks hosts that have been annoying other people too. All hosts can be removed via a aging system where the script keeps track of how long hosts have been blocked, this is necessary if you don’t want you hosts.deny to grow exponentially huge.

Currently have over 139000 blocked hosts in my hosts.deny. I age them out after 4 months of inactivity. This may sound like an inefficient way to keep out the, undesirables, but it beats having thousands of login attempts everyday. Few things please me more than getting my logwatch email and seeing

 Refused incoming connections:
       ::ffff: (::ffff: 1 Time(s) (::ffff: 1 Time(s)

Eat that you zombies!!

Comments are closed.