Wednesday, December 16, 2009

Use fail2ban


If you have a Linux machine with SSH exposed to the internet, fail2ban is a must. I have a Linux VM which allows SSH connections via the internet. It doesn't have a static IP address, but I am using dyndns to make it easier for me to access from outside.

Within a few days of opening the port on the firewall, the logs started filling with attempts to break in. There are repeated attempts to log in with an alphabetical list of usernames, all from an IP address which is located in China. Fail2Ban lets you set limits on how many times a single IP address can fail to log in before that IP address is banned for some specific amount of time.

It is available in most distribution repositories and is easy to set up. Check out the website for configuration details (http://www.fail2ban.org/).
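
The limit described above (a maximum number of failed logins per IP address inside a time window, followed by a timed ban) sketched in Python as an added example; it is not fail2ban's own code and not from the original post. The parameter names mirror fail2ban's `maxretry`, `findtime` and `bantime` jail options; the log lines are constructed, and the regex is a simplified assumption about the sshd log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation-range IPs), not from the original post.
SAMPLE_LOG = """\
Dec 14 03:10:01 vm sshd[2101]: Failed password for invalid user aaron from 203.0.113.7 port 40112 ssh2
Dec 14 03:10:04 vm sshd[2103]: Failed password for invalid user abby from 203.0.113.7 port 40120 ssh2
Dec 14 03:10:07 vm sshd[2105]: Failed password for invalid user adam from 203.0.113.7 port 40131 ssh2
Dec 14 03:10:09 vm sshd[2107]: Failed password for invalid user adrian from 203.0.113.7 port 40140 ssh2
Dec 14 03:12:30 vm sshd[2110]: Failed password for bob from 198.51.100.20 port 51000 ssh2
Dec 14 03:25:00 vm sshd[2120]: Failed password for invalid user alan from 203.0.113.7 port 40200 ssh2
"""

# Simplified pattern (assumption): syslog timestamp, sshd tag, failed password, source IPv4.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) ")

def simulate(log, maxretry=3, findtime=600, bantime=600, year=2009):
    """Return a list of (ip, ban_start, ban_end) decisions for the given log text."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog lines carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue              # a real firewall ban would have dropped this attempt
        q = recent[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > findtime:
            q.popleft()           # forget failures older than the window
        if len(q) >= maxretry:
            end = ts + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            q.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

The single failure from 198.51.100.20 never reaches the limit, and the attempt from 203.0.113.7 after the ban expires starts a fresh count.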
