How to ban failed SSH, FTP, POP3 and SMTP logins?

[nenad]

So, as title says I am interested in findig the best possible way to ban all of IP's from where failed logins originate for ssh, ftp, pop3 and smtp services.

I past few days few hackers from China are permanently trying to login in any/all of those services. My complaints to their network's hostmasteers were hopeless.

As I am still under attack 24h daily, I am open to all sugestions.

P.S. DenyHosts installed for SSH. Logcheck too.

[sjau]

For SSH I have this running:

http://www.howtoforge.com/preventing...with_denyhosts

on Debian Sarge and a SuSE 9.2 server

Oh, you have DenyHosts already ^^

[edge]

Not sure if FWSNORT is of use to you..

I'm using PSAD, but thats a Port Scan Attack Detector.

[nenad]

How to use DenyHosts for FTP or mail login ? Is it possible?

[edge]

An other one I just found.. Fail2Ban

[falko]

Also have a look here: http://www.howtoforge.com/forums/showthread.php?t=4611

[nenad]

Quote:

Originally Posted by edge

An other one I just found.. Fail2Ban

Some people are claiming that there are some problems with it.

BTW all of the solutions are mostly for SSH or FTP but I need solutions for SMTP and POP3 as I noticed that hackers are trying to break in mail server too. Probably they want to use it for spaming. What is the best solution to keep seafe mail server from brute force password crack?

[spunk]

Quote:

Originally Posted by nenad

So, as title says I am interested in findig the best possible way to ban all of IP's from where failed logins originate for ssh, ftp, pop3 and smtp services.

I past few days few hackers from China are permanently trying to login in any/all of those services. My complaints to their network's hostmasteers were hopeless.

As I am still under attack 24h daily, I am open to all sugestions.

P.S. DenyHosts installed for SSH. Logcheck too.

I installed ISPConfig for the first time yesterday and was amazed at it's capabilities. A very big "thank you" to all the developers.

DenyHosts has worked very well for me in the past on some other servers I have built and I will be installing it on my ISPConfig server. Until then, I made a few changes to the default sshd_config settings from my new install to increase the security of ssh. I set PermitRootLogin to "no" and added AllowUsers to just my personal login. Just these two changes alone will tighten up your ssh quite a bit. If you want to go further, changing the port sshd listens to is a great idea, as is using crypto keys instead of password authentication.