BruteForceBlocker

BruteForceBlocker is a Perl script that works along with pf, the firewall developed by the OpenBSD team (which is also available on FreeBSD since version 5.2).

Its main purpose is to block SSH bruteforce attacks via firewall.

While the script is running, it reads the sshd logs from syslog, looks for failed login attempts (mostly annoying scripted attacks), and counts the number of such attempts per IP.

When a given IP reaches the configured limit of failures, the script adds that IP to a pf table and blocks any further traffic to the box from it (this also depends on your configuration in pf.conf).
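The counting logic described above, as an added Python sketch that is not BruteForceBlocker's own Perl code. It assumes a limit of 3 failures within 10 minutes, a pf table named bruteforce, and OpenSSH's usual "Failed ... from <ip> port <n>" syslog lines; the sample log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILS = 3                    # assumed limit for this sketch
WINDOW = timedelta(minutes=10)   # assumed counting window
PF_TABLE = "bruteforce"          # hypothetical pf table name

# User field is untrusted: anchor at "$" so only sshd's trailing "from <ip>" is used.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed \S+ for (?:invalid user )?.* from (?P<ip>\S+) port \d+(?: ssh2)?$"
)

def find_offenders(lines, year=2024):
    """Return addresses that hit MAX_FAILS failures inside WINDOW, in order."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = []
    for line in lines:
        m = FAIL_RE.match(line.rstrip("\n"))
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue              # not an address: never hand it to the firewall
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > WINDOW:
            hits.popleft()        # forget failures older than the window
        if len(hits) >= MAX_FAILS and ip not in blocked:
            blocked.append(ip)
    return blocked

def pf_command(ip):
    """pfctl arguments that add one address to the table (returned, not run)."""
    return ["pfctl", "-t", PF_TABLE, "-T", "add", ip]

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE = [
    "Mar  3 10:15:01 host sshd[4101]: Failed password for root from 203.0.113.5 port 40112 ssh2",
    "Mar  3 10:15:04 host sshd[4102]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2",
    "Mar  3 10:15:05 host sshd[4103]: Failed password for root from 198.51.100.7 port 51000 ssh2",
    "Mar  3 10:15:09 host sshd[4104]: Failed password for invalid user test from 203.0.113.5 port 40133 ssh2",
    "Mar  3 10:16:00 host sshd[4105]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2",
    "Mar  3 10:40:00 host sshd[4106]: Failed password for root from 198.51.100.7 port 51044 ssh2",
    "Mar  3 11:05:00 host sshd[4107]: Failed password for root from 198.51.100.7 port 51090 ssh2",
]
```

On the sample, only the address with three failures inside the window is returned; the one whose three failures are spread over 50 minutes is not. The pfctl arguments only take effect if pf.conf declares the table and has a block rule that references it.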

Since version 1.2 of BruteForceBlocker, it is also possible to report blocked IPs to the project site and share your information with other users. The list of reported IPs is available here.

If you are bored of those automated auth tries, you will be happy with this script. BruteForceBlocker is easy to use, simple, and effective.

The Git repository is available at https://github.com/dgerzo/bruteforceblocker

10 thoughts on “BruteForceBlocker”

  1. FreeBSD/linux user

    Excellent utility.. My servers are mainly Debian Linux these days and if you think it’d be useful I’d be happy to make an IPtables/IPchains compatible version.

    Thanks for the good work!

  2. stewe

    Hi danger,

    I would like to know, if there is some advantage of using such a software, where denyhosts is available in ports. Will I profit from installing this?

    Thank you for your answer

    Have a nice day

  3. danger Post author

    Hi stewe,

    bruteforceblocker is available in ports too. As for the advantages, I don’t really know as I have never used denyhosts before. You should check each one’s features and decide yourself. BFB needs perl to run, while denyhosts seems to require python. Both tools seem to be providing an external database with denied clients. Note that you can use BFB to protect other services as well (you only need to add new regexps to the script and modify syslog.conf appropriately).

  4. Sweg

    Is there any way to contribute to this list? I do have several servers that run fail2ban, so setting up automatic reports to you should be fairly simple, I guess.

  5. Sergio

    Hi.
    First of all, I want to say thank you for the Black List that you manage.
    I use your BL in CSF and since a few days ago it was working perfectly, but seems that there was an update and now CSF can’t connect to download your black list.

    This is the error that my server is showing:
    Unable to retrieve blocklist BFB – Unable to download: Can’t connect to danger.rulez.sk:80 (Network is unreachable)

    Is there something that I have to check on my side?

    Thanks in advance for your answer.

    Best Regards,
    Sergio

  6. danger Post author

    Hi, I had some technical issues with the server and I have recently moved the project to a new host. It should be more stable now.

  7. danger Post author

    Hey, it should be a CET timezone. I have checked and the time was a bit off (a few minutes ahead) on the server, have fixed it. Thanks for letting me know.
