View Full Version : Denyhosts 2.4b SSH firewall
xemaps
04-14-2006, 06:22 AM
New denyhosts release 2.4b correcting few little bugs
FC3 sample :
#wget http://ovh.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.4b.tar.gz
#tar zxvf DenyHosts-2.4b.tar.gz
follow README.txt to install denyhosts
after, just unmark SECURE_LOG=/private/var/log/system.log
with # in denyhosts.cfg little bug & set your mail if you want report
If you upgrade, stop daemon and replace daemon-control & denyhosts.cfg with dist packages, set again.
more info here : http://denyhosts.sourceforge.net/
Pascal
04-15-2006, 03:07 PM
Just what I needed! No APF + ... needed with this one. I had a server who had a kernel panic after SSH was bombed :( This should be the solution then :)
Oddis
04-15-2006, 03:33 PM
ssdhfilter do much of the same.
The reason I found it better, is because it was simpler to install for a newbie
I have tried it for a couple of days and I have got rid of the problem with dictionary attacks of sshd.
words from the developer
With sshdfilter installed, taking each attack on a case by case basis:
347 attempts becomes 0 attempts - first attemped guess was for a non-existant user, so was instantly blocked.
306 attempts becomes 0 attempts - same reason, non-existant user.
115 attempts becomes 1 attempt - first guess was for root and is allowed a default of 3 chances, the second guess was for a non-existant user and so was blocked anyway.
115 attempts becomes 1 attempt - same as previous.
127 attempts becomes 3 attempts - many initial guesses for root account, so sshdfilter blocks after the first 3 failed attempts.
18 attempts becomes 0 attempts - first attempted guess was for a non-existant user, so was blocked instantly.
554 attempts becomes 3 attempts - many initial guesses for root accont, so sshdfilter blocks after the first 3 failed attempts.
107 attempts becomes 1 attempt - first guess was for a valid user (nobody), second guess was for a non-existant user so was blocked.
9 attempts becomes 0 attempts - first guess was for a non-existant user so was blocked instantly.
52 attempts becomes 3 attempts - many initial guesses for root accont, so sshdfilter blocks after the first 3 failed attempts.
http://www.csc.liv.ac.uk/~greg/sshdfilter/
vBulletin® v3.7.0, Copyright ©2000-2008, Jelsoft Enterprises Ltd.