BruteForceBlocker
BruteForceBlocker is a Perl script that works along with pf, the firewall developed by the OpenBSD team (also available on FreeBSD since version 5.2).
Its main purpose is to block SSH brute-force attacks via the firewall.
While the script is running, it reads the sshd logs from syslog, looks for failed login attempts (mostly annoying scripted attacks) and counts the number of such attempts.
When a given IP reaches the configured limit of failures, the script adds that IP to the pf table, and any further traffic to the box from that IP is blocked (this also depends on your configuration in pf.conf).
Since BruteForceBlocker version 1.2, it is also possible to report blocked IPs to the project site and share your information with other users. The list of reported IPs is available here.
If you are tired of those automated authentication attempts, you will be happy with this script. BruteForceBlocker is easy to use, simple, and effective.
Git repository is available at https://github.com/dgerzo/bruteforceblocker
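The count-and-block logic described above, as an added example in Python; it is not BruteForceBlocker's own code, which is written in Perl. The log line format, the limit of 3, the table name "bruteforce" and the sample log lines are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import Counter

# OpenSSH failed-login line. Anchored at the end of the line so that text in
# the user-name field cannot be mistaken for the source address.
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for .* from (\S+) port \d+(?: ssh2)?$")
MAX_FAILS = 3            # assumed limit; set it to match your own policy
PF_TABLE = "bruteforce"  # assumed table name; must match the table in pf.conf

SAMPLE = [  # constructed log lines using documentation address ranges
    "Jan 10 03:12:01 gw sshd[811]: Failed password for root from 203.0.113.5 port 51234 ssh2",
    "Jan 10 03:12:03 gw sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2",
    "Jan 10 03:12:04 gw sshd[812]: Accepted publickey for ops from 192.0.2.10 port 40022 ssh2",
    "Jan 10 03:12:05 gw sshd[813]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 203.0.113.5 port 51251 ssh2",
    "Jan 10 03:12:09 gw sshd[814]: Failed password for root from 198.51.100.7 port 40100 ssh2",
]


def source_ip(line):
    """Return the validated source address of a failed login, or None."""
    m = FAILED.search(line.rstrip())
    try:
        return str(ipaddress.ip_address(m.group(1))) if m else None
    except ValueError:
        return None  # not an IP literal: never hand it to pfctl


def offenders(lines, limit=MAX_FAILS, allow=()):
    """Return addresses, in order, once each reaches `limit` failures."""
    counts, hit = Counter(), []
    for line in lines:
        ip = source_ip(line)
        if ip is None or ip in allow:  # allow: addresses never to block
            continue
        counts[ip] += 1
        if counts[ip] == limit:        # report each address exactly once
            hit.append(ip)
    return hit


def pfctl_argv(ip, table=PF_TABLE):
    """Argument vector (no shell involved) that adds `ip` to the pf table."""
    return ["pfctl", "-t", table, "-T", "add", ip]


if __name__ == "__main__":
    for ip in offenders(SAMPLE):
        print(" ".join(pfctl_argv(ip)))
```

Adding an address to the table only has an effect if pf.conf declares that table and contains a block rule that refers to it.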
Excellent utility.. My servers are mainly Debian Linux these days and if you think it’d be useful I’d be happy to make an IPtables/IPchains compatible version.
Thanks for the good work!
There actually is iptables compatible version (although I have never tried it), which has been ported by one of bruteforceblocker’s users. You can download it from http://danger.rulez.sk/projects/bruteforceblocker/bruteforceblocker-iptables.tar.bz2 and give it a shot.
Hi danger,
I would like to know if there is some advantage to using such software when denyhosts is available in ports. Will I profit from installing this?
Thank you for your answer
Have a nice day
Hi stewe,
bruteforceblocker is available in ports too. As for the advantages, I don’t really know as I have never used denyhosts before. You should check each one’s features and decide yourself. BFB needs perl to run, while denyhosts seems to require python. Both tools seem to be providing an external database with denied clients. Note that you can use BFB to protect other services as well (you only need to add new regexps to the script and modify syslog.conf appropriately).
Due to a bad rating of the IP, the IP was blacklisted.
Please delist the IP.
Is there any way to contribute to this list? I do have several servers that run fail2ban, so setting up automatic reports to you should be fairly simple, I guess.