Subject: | |
From: | |
Reply To: | |
Date: | Thu, 2 Oct 2008 14:13:32 +1100 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Hi,
> Harry Enke wrote:
> > Hi,
> > there is an easy configurable tool for preventing brute force attacks,
> > it's called "fail2ban". It sifts through logs for attacks on security
> > critical ports and blocks login attempts from ip-addresses which fail
> > too often in too short a timeframe (configurable).
> >
> > http://www.fail2ban.org
I've personally been using:
http://www.aczoom.com/cms/blockhosts
for years now for customers that need ports open to the public internet (ftp,
ssh, etc). BlockHosts can work with various services out-of-the-box and
handles hosts.allow/deny files and/or iptables rules. It also has web
interfaces to display blocked lists and GeoIP maps if you want them.
> Is this in error?
> "Fail2ban scans log files like /var/log/pwdfail or
> /var/log/apache/error_log and bans IP that makes too many password
> failures. It updates firewall rules to reject the IP address."
>
> Examining logs after the event does not provide real-time protection.
I'm not after real-time, the above is good enough for me but I'm interested in
your comment. Is there a better software solution out there?
Michael.
|
|
|