BruteForceBlocker is a Perl script that works together with pf, the firewall developed by the OpenBSD team (also available on FreeBSD since version 5.2).
Its main purpose is to block SSH brute-force attacks at the firewall.
While the script is running, it reads sshd log entries from syslog, looks for failed login attempts (mostly annoying scripted attacks), and counts the number of such attempts.
When a given IP reaches the configured limit of failures, the script adds that IP to pf's table, and any further traffic to the box from that IP is blocked (this also depends on your configuration in pf.conf).
Since BruteForceBlocker 1.2 it is also possible to report blocked IPs to the project site and share your information with other users. The list of reported IPs is available here.
If you are tired of those automated authentication attempts, you will be happy with this script. BruteForceBlocker is easy to use, simple, and effective.
The Git repository is available at https://github.com/dgerzo/bruteforceblocker
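The counting logic described above, sketched in Python as an added example; this is not BruteForceBlocker's own Perl code. The table name `ssh_blocklist`, the limit of 3 and the log lines are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH's syslog format (not from a real host).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[811]: Failed password for root from 192.0.2.10 port 40112 ssh2
Mar  3 10:00:03 host sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 40113 ssh2
Mar  3 10:00:04 host sshd[812]: Accepted publickey for alice from 198.51.100.7 port 51000 ssh2
Mar  3 10:00:05 host sshd[813]: Failed password for invalid user x from 203.0.113.5 port 1 ssh2 from 192.0.2.10 port 40114 ssh2
Mar  3 10:00:06 host sshd[814]: Failed password for bob from 198.51.100.7 port 51001 ssh2
Mar  3 10:00:07 host sshd[811]: Failed password for root from not-an-ip port 40115 ssh2
"""

# The user name is remote-controlled text, so the pattern is anchored to the
# end of the line: only the address sshd itself appended is ever captured.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+(?: ssh2)?$")

def failed_sources(lines):
    """Yield the validated source address of every failed-login line."""
    for line in lines:
        m = FAILED.search(line.rstrip("\n"))
        if not m:
            continue
        try:
            yield str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # never hand an unvalidated token to the firewall

def addresses_to_block(lines, limit):
    """Return each address once, at the moment it reaches `limit` failures."""
    counts, blocked = Counter(), []
    for ip in failed_sources(lines):
        counts[ip] += 1
        if counts[ip] == limit:
            blocked.append(ip)
    return blocked

def pfctl_command(ip, table="ssh_blocklist"):
    # Assumed table name; pf.conf must declare it and block on it, e.g.
    #   table <ssh_blocklist> persist  /  block in quick from <ssh_blocklist>
    return ["pfctl", "-t", table, "-T", "add", ip]

if __name__ == "__main__":
    for ip in addresses_to_block(SAMPLE_LOG.splitlines(), limit=3):
        print(" ".join(pfctl_command(ip)))
```

The fourth sample line is counted against 192.0.2.10, not the address embedded in the user name, and the malformed last line is ignored.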
Excellent utility. My servers are mainly Debian Linux these days, and if you think it’d be useful I’d be happy to make an IPtables/IPchains compatible version.
Thanks for the good work!
There actually is an iptables-compatible version (although I have never tried it), which has been ported by one of bruteforceblocker’s users. You can download it from http://danger.rulez.sk/projects/bruteforceblocker/bruteforceblocker-iptables.tar.bz2 and give it a shot.
Hi danger,
I would like to know if there is some advantage to using such software when denyhosts is available in ports. Will I profit from installing this?
Thank you for your answer
Have a nice day
Hi stewe,
bruteforceblocker is available in ports too. As for the advantages, I don’t really know, as I have never used denyhosts before. You should check each one’s features and decide yourself. BFB needs perl to run, while denyhosts seems to require python. Both tools seem to provide an external database of denied clients. Note that you can use BFB to protect other services as well (you only need to add new regexps to the script and modify syslog.conf appropriately).
Due to a bad rating, the IP was blacklisted.
Please delist the IP.
Is there any way to contribute to this list? I do have several servers that run fail2ban, so setting up automatic reports to you should be fairly simple, I guess.
Hi.
First of all, I want to say thank you for the Black List that you manage.
I use your BL in CSF, and until a few days ago it was working perfectly, but it seems that there was an update and now CSF can’t connect to download your blacklist.
This is the error that my server is showing:
Unable to retrieve blocklist BFB – Unable to download: Can’t connect to danger.rulez.sk:80 (Network is unreachable)
Is there something that I have to check on my side?
Thanks in advance for your answer.
Best Regards,
Sergio
Hi, I had some technical issues with the server and I have recently moved the project to a new host. It should be more stable now.
What is the timezone for timestamps of IOCs in the blacklist? https://danger.rulez.sk/projects/bruteforceblocker/blist.php
We sometimes get future timestamps when processing this output using the Bratislava timezone.
Hey, it should be the CET timezone. I have checked, and the time was a bit off (a few minutes ahead) on the server; I have fixed it. Thanks for letting me know.