NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: help? fighting ssh user/password guessing attempts

Well, my company's main business is shared hosting and we do host hundreths of websites with thousands of email accounts on dual core servers.

A php script scans maillog (pop) and eximlog (smtp) for every minute, while another one scans xferlog (ftp) and authlog (ssh) for every 3 minutes. We flush (reset) ipfw firewall rules for every 4 hours.

It does not cause load, or we haven't noticed untill now.

Why php? Well this is because i'm personally a (advanced) php script designer and mysql database administrator. I'm not really good at C++, maybe beginner. I call php to read all log files.


Steven M. Bellovin, 10/16/08 16:14:
On Thu, 16 Oct 2008 13:59:50 +0300
Cem Kayali <> wrote:

Well, if someone interested in, i have custom created 'php script'
run by a cron job and scans auth.log and then creates firewall rule
if it detects brute force attacks and/or certain number of incorrect authentiacations. It clears all rules occasionally. It may scan other ports as well, such as pop, smtp, ftp.

Does it actually help?  I'd say that that boils down to how long the
attacks last, versus how often you run the script.

                --Steve Bellovin,

Home | Main Index | Thread Index | Old Index