HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


nenad 13th July 2006 20:07

How to ban failed SSH, FTP, POP3 and SMTP logins?
 
So, as the title says, I am interested in finding the best possible way to ban all of the IPs from where failed logins originate for ssh, ftp, pop3 and smtp services.

In the past few days a few hackers from China have been permanently trying to log in to any/all of those services. My complaints to their network's hostmasters were hopeless.

As I am still under attack 24h daily, I am open to all suggestions.

P.S. DenyHosts installed for SSH. Logcheck too.

sjau 13th July 2006 21:21

For SSH I have this running:

http://www.howtoforge.com/preventing...with_denyhosts

on Debian Sarge and a SuSE 9.2 server

Oh, you have DenyHosts already ^^

edge 13th July 2006 21:32

Not sure if FWSNORT is of use to you..

I'm using PSAD, but that's a Port Scan Attack Detector.

nenad 13th July 2006 21:35

How to use DenyHosts for FTP or mail login? Is it possible?

edge 13th July 2006 22:41

Another one I just found.. Fail2Ban

falko 14th July 2006 13:37

Also have a look here: http://www.howtoforge.com/forums/showthread.php?t=4611

nenad 14th July 2006 14:05

Thank you.

After I reported the attacks to the China network hostmaster, the attacks ceased, for now.
But I will install some of these solutions.

BTW do DenyHosts and BlockHosts interfere with one another?

On the other hand, I have thoughts about installing FreeSCO or IPCop on a separate machine instead of a hardware router...?

Which one is better, FreeSCO or IPCop?

nenad 14th July 2006 14:09

Quote:

Originally Posted by edge
Another one I just found.. Fail2Ban

Some people are claiming that there are some problems with it.

BTW all of the solutions are mostly for SSH or FTP, but I need solutions for SMTP and POP3, as I noticed that hackers are trying to break into the mail server too. Probably they want to use it for spamming. What is the best solution to keep a mail server safe from brute force password cracking?

Ben 14th July 2006 14:12

One thing for smtp stuff from china would be greylisting... (postgrey)...
If I got the time I will post sth. how to use with ISPConfig...

Regarding the SSH-Stuff, I just moved my SSH port, since then I did not find any scan for ssh...
For that purpose I disabled the ISPConfig firewall (because it does not let me close port 22) and set it up on the shell via firehol

nenad 14th July 2006 14:17

Quote:

Originally Posted by Ben
One thing for smtp stuff from china would be greylisting... (postgrey)...
If I got the time I will post sth. how to use with ISPConfig...

Regarding the SSH-Stuff, I just moved my SSH port, since then I did not find any scan for ssh...
For that purpose I disabled the ISPConfig firewall (because it does not let me close port 22) and set it up on the shell via firehol

When an attack occurs, and that could be in the middle of the night, I don't have time to ask for a "graylist". Password checks which occur a dozen times per second can put significant load on the server. Only the "ban" method is a solution in such occurrences.
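
An added example, not part of the original thread and not code from DenyHosts, BlockHosts or Fail2Ban: a minimal sketch of the detection step those tools share, counting failed logins per source IP across SSH, FTP, POP3 and SMTP inside a sliding time window. The regular expressions, the `find_offenders` name and its thresholds, and the sample log lines are assumptions modelled on common OpenSSH, vsftpd (PAM), Dovecot and Postfix messages.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
# Assumed failure patterns (OpenSSH, vsftpd via PAM, Dovecot, Postfix SASL);
# adjust them to the daemons and log formats actually in use.
PATTERNS = {
    # Greedy ".*" plus the trailing " port N" binds to the last address on the
    # line, so a crafted username cannot substitute another IP.
    "ssh": re.compile(r"sshd\[\d+\]: Failed password for .* from " + IP + r" port \d+"),
    "ftp": re.compile(r"vsftpd.*authentication failure;.*rhost=" + IP),
    "pop3": re.compile(r"pop3-login: .*auth failed.*rip=" + IP),
    "smtp": re.compile(r"postfix/smtpd\[\d+\]: warning: \S+\[" + IP + r"\]: SASL \S+ authentication failed"),
}

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE = """\
Jul 13 20:01:02 mail sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 4021 ssh2
Jul 13 20:01:04 mail postfix/smtpd[902]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jul 13 20:01:09 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<info>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10
Jul 13 20:02:00 mail vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web1 rhost=198.51.100.7
Jul 13 20:03:00 mail sshd[815]: Accepted password for alice from 192.0.2.44 port 5110 ssh2
Jul 13 21:30:00 mail sshd[990]: Failed password for root from 198.51.100.7 port 3991 ssh2
Jul 13 23:59:00 mail sshd[1200]: Failed password for root from 198.51.100.7 port 3992 ssh2
""".splitlines()

def find_offenders(lines, max_failures=3, window=timedelta(minutes=10), year=2006):
    """Map each IP with max_failures failures inside window to the services it hit."""
    recent = defaultdict(deque)    # ip -> failure times still inside the window
    services = defaultdict(set)    # ip -> every service it failed against
    offenders = set()
    for line in lines:
        for service, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match is None:
                continue
            # Syslog timestamps carry no year, so one is supplied.
            when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            ip = match.group("ip")
            services[ip].add(service)
            recent[ip].append(when)
            while when - recent[ip][0] > window:
                recent[ip].popleft()
            if len(recent[ip]) >= max_failures:
                offenders.add(ip)
            break
    return {ip: sorted(services[ip]) for ip in sorted(offenders)}
```

`find_offenders(SAMPLE)` flags only the address that failed against three services within ten minutes; the address whose three failures are spread over hours stays below the threshold. The returned addresses are what a firewall rule or `hosts.deny` entry would then block.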


All times are GMT +2.