Protecting against SSH attacks

On some servers you are not allowed to run a firewall or use a VPN. As a result, your sshd is a direct target for amateur and professional attackers alike.

To protect against ssh attacks, I run the following script in crontab:

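#!/bin/bash
# A script to automatically counter ssh attacks
# vars (the original definitions are missing from the page; these values are assumptions)
secure=/var/log/secure    # sshd log location on CentOS/RHEL
deny=/etc/hosts.deny
file=$(mktemp)            # scratch file for the list of attacking IPs
RETVAL=0
# logic
# get unique attacking IPs (sort -u keeps repeat offenders; uniq -u would drop them)
grep "Did not" "$secure" | awk '{print $12}' | sort -u > "$file"
# if IP is in /etc/hosts.deny do nothing, if IP is NOT in /etc/hosts.deny, add it there!
while read -r ip; do
    [ -n "$ip" ] || continue
    # -x -F: match the whole line literally, so 1.2.3.4 does not match 11.2.3.45
    grep --silent -xF "sshd:$ip" "$deny" || echo "sshd:$ip" >> "$deny"
done < "$file"
rm -f "$file"
# exit as learnt
echo "we have exited $RETVAL"; exit $RETVAL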

Sometimes you may encounter a line in /etc/hosts.deny like:

It may be blocking you!
Be aware, I have warned you beforehand.
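
The lockout risk warned about above can be reduced by checking every candidate against a list of trusted addresses before it reaches /etc/hosts.deny. The following is an added example, not the author's script: the allowlist file, the function names and the sample log lines are constructed for illustration.

```bash
#!/bin/bash
# new_deny_entries LOG DENY ALLOW
#   LOG   - sshd log to scan
#   DENY  - existing hosts.deny-style file
#   ALLOW - hypothetical allowlist, one trusted IPv4 address per line
# Prints the "sshd:IP" lines that should be appended to DENY.
new_deny_entries() {
    local log=$1 deny=$2 allow=$3 ip
    grep -F "Did not receive identification string from" "$log" |
        awk '{print $12}' |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |     # keep only IPv4-looking fields
        sort -u |                                     # one entry per IP, repeats included
        while read -r ip; do
            grep -qxF "$ip" "$allow" && continue      # never block a trusted address
            grep -qxF "sshd:$ip" "$deny" && continue  # already denied
            echo "sshd:$ip"
        done
}

# demo: run the function over constructed sample data (documentation IP ranges).
demo() {
    local dir; dir=$(mktemp -d)
    cat > "$dir/secure" <<'EOF'
Jan 10 03:12:01 host sshd[2101]: Did not receive identification string from 203.0.113.7
Jan 10 03:12:05 host sshd[2102]: Did not receive identification string from 203.0.113.7
Jan 10 03:13:40 host sshd[2110]: Did not receive identification string from 198.51.100.23
Jan 10 03:14:02 host sshd[2115]: Did not receive identification string from 192.0.2.10
Jan 10 03:15:00 host sshd[2120]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
EOF
    printf '%s\n' "sshd:198.51.100.23" > "$dir/hosts.deny"   # already blocked
    printf '%s\n' "192.0.2.10" > "$dir/allow"                # the admin's own address
    new_deny_entries "$dir/secure" "$dir/hosts.deny" "$dir/allow"
    rm -rf "$dir"
}

demo
```

On a real host the function's output would be appended to /etc/hosts.deny; the allowlist should hold every address you administer the server from.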

