fail2ban

ffreeloader · #1 05-Mar-2008, 09:55 PM

I just ran across this little security-related utility today. I don't know if it's available for Windows, but it's an awesome little tool for *nix servers.

What it does is read the access logs, real time, for any service it is configured to protect, i.e., ftp server, web server, ssh, etc... and immediately bans IP addresses based upon failed logins. It puts an immediate halt to things such as dictionary attacks.

It is simple to configure, extremely easy to install and set up, and at the same time highly configurable. It will work with both standalone daemons and services made available through inetd or xinetd.

Here is a link to their home page. http://www.fail2ban.org/wiki/index.php/Main_Page

**Sparky** · #2 05-Mar-2008, 10:10 PM

Handy utility that. One of my FTP servers is getting hammered with fake log-ins just now.

ffreeloader · #3 05-Mar-2008, 10:14 PM

Quote:

“

Originally Posted by Sparky

Handy utility that. One of my FTP servers is getting hammered with fake log-ins just now.

”

That it is. It's one of the handiest little security tools I've run across in a long time. Very little learning curve and very effective.

S0l5 · #4 05-Mar-2008, 10:38 PM

Not bad tool, might just use it on my SSH server, i was wandering got any tutorials or articles on securing SSH?

ffreeloader · #5 05-Mar-2008, 11:02 PM

Quote:

“

Originally Posted by S0l5

Not bad tool, might just use it on my SSH server, i was wandering got any tutorials or articles on securing SSH?

”

Take a look at the following link and see if it helps.

http://blog.unixlore.net/2006/04/fiv...ecure-ssh.html

**hbroomhall** · #6 05-Mar-2008, 11:19 PM

Er - securing SSH? It *is* secure - unless you do something silly.

If you want to read up on SSH get the O'Reilly book on it. Goes into a *lot* of detail.

Harry.