How To Prevent Brute Force Attacks With Brutelock

Brutelock is an open source program that actively monitors various system logs and immediately blocks malicious IPs trying to attack your server.

Brutelock protects not only against ssh attacks but also against attacks on other common services such as ftp, pop and imap. It has an extensible rules format that allows you to monitor an unlimited number of other services by supplying the log file and a simple regex search pattern.

There are just a few steps to install the Brutelock agent:

  1. Download Brutelock agent, and save to /usr/local/.
  2. cd /usr/local/
  3. tar -xjvf brutelock-version_number.tar.bz2
  4. cd /usr/local/brutelock-version_number
  5. ./configure 
  6. make
  7. make install
  8. Edit the new configuration file (/usr/local/brutelock/conf/brutelock.conf) with your subscription key *.
  9. Also edit the path to your ssh log in the configuration file if you need to. If you are unsure where that is for your system, please consult the README included with the Brutelock source. Uncomment any of the other services you wish to protect as well such as ftp, pop, and imap.
  10. Add any IPs that Brutelock should never lock out to the /usr/local/brutelock/conf/whitelist file, one per line **.
  11. Add a separate chain to iptables:
    /sbin/iptables -N Brutelock-Firewall-INPUT
    /sbin/iptables -I INPUT -j Brutelock-Firewall-INPUT
  12. Start Brutelock daemon:
  13. Sit back and watch the number of failed login attempts drastically diminish from your logs.

* - If you do not have a subscription key, make sure to sign up to receive yours. You can choose the free option, which allows Brutelock to actively block brute force attacks, or one of the paid subscriptions, which allow Brutelock to proactively protect your servers by receiving constant updates from the Brutelock service. Visit the Brutelock website for more information.

** - In addition to the localhost address, you should also enter the server's IP at a minimum.
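
The log-file-plus-regex approach and the whitelist check described above, sketched as an added example (this is not Brutelock's code or its rule syntax). The OpenSSH log line format, the threshold of 3, and the sample log lines and whitelist entries are assumptions constructed for illustration; only the chain name comes from step 11.

```python
import ipaddress
import re
from collections import Counter

# Assumed OpenSSH "Failed password" pattern (not Brutelock's rule syntax).
# Greedy ".+" plus the "$" anchor means the address is always the last
# "from <ip> port <n>" on the line, not text inside the username field.
SSH_FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .+ from (?P<ip>\S+) port \d+(?: ssh2)?$")
CHAIN = "Brutelock-Firewall-INPUT"  # chain created in step 11
THRESHOLD = 3                       # assumed failure limit

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
Jan 10 03:12:01 web1 sshd[2211]: Failed password for root from 203.0.113.45 port 40122 ssh2
Jan 10 03:12:03 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.45 port 40130 ssh2
Jan 10 03:12:05 web1 sshd[2215]: Failed password for root from 203.0.113.45 port 40138 ssh2
Jan 10 03:12:09 web1 sshd[2219]: Failed password for deploy from 198.51.100.7 port 51514 ssh2
Jan 10 03:12:11 web1 sshd[2221]: Failed password for root from 127.0.0.1 port 51600 ssh2
Jan 10 03:12:12 web1 sshd[2222]: Failed password for root from 127.0.0.1 port 51601 ssh2
Jan 10 03:12:13 web1 sshd[2223]: Failed password for root from 127.0.0.1 port 51602 ssh2
Jan 10 03:12:15 web1 sshd[2225]: Accepted password for deploy from 198.51.100.7 port 51520 ssh2
"""
WHITELIST = ["127.0.0.1", "192.0.2.10"]  # constructed: localhost plus the server's own IP


def offenders(log_text, whitelist, threshold=THRESHOLD, pattern=SSH_FAILED):
    """Return sorted IPs with >= threshold failed logins, skipping whitelisted ones."""
    allowed = {ipaddress.ip_address(ip) for ip in whitelist}
    counts = Counter()
    for line in log_text.splitlines():
        m = pattern.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not an IP literal: never pass it on to a firewall command
        if ip not in allowed:
            counts[ip] += 1
    return sorted(str(ip) for ip, n in counts.items() if n >= threshold)


def block_commands(ips, chain=CHAIN):
    """Build iptables argument lists that add DROP rules to the dedicated chain."""
    return [["/sbin/iptables", "-A", chain, "-s", ip, "-j", "DROP"] for ip in ips]


if __name__ == "__main__":
    for cmd in block_commands(offenders(SAMPLE_LOG, WHITELIST)):
        print(" ".join(cmd))
```

Running it with an empty whitelist shows why the second footnote matters: repeated local failures would put 127.0.0.1 on the block list.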

5 Comment(s)


By: Anonymous

Why use a commercial package when fail2ban and denyhosts are both free?


That is a great question. I'll make a few points to try to best answer that.

  1. Brutelock is free.  It is both open source as well as free in price.

  2. Only the Brutelock Subscription Service costs anything if you choose to use it.  It is completely optional.  We worked hard to price the cost of the subscription service to be very low so that any business/organization could afford to use it and in turn that money goes to support the infrastructure (servers, bandwidth, overhead) to run the service, end user support for installing/running Brutelock as well as future development and improvements.

  3. We are committed to continually improving and enhancing the existing Brutelock product by adding new features and new security rules and broadening the scope of things it can automatically protect within a server. Each paid subscription helps fund this and future products that Brutelock will release. By having a revenue model in place we are not relying on donations just to keep the lights on.

By: Anonymous

That's easy. Organizations like to have accountability when it comes to anything, including software. If your IT staff has exhausted their resources, or even to get an issue resolved immediately upon a mission critical installation, you have to have the provider of that software accountable. That's the main reason why startup firms move to commercial software and away from open source software that doesn't have a foundation and infrastructure to provide paid support.

By: Joe

" Brutelock is free. It is both open source as well as free in price. "

What license are you using? There is no mention of it anywhere on your website.

By: jsteel

The client software is released under the GPL. There is a LICENSE file distributed with the source code.