Re: Reporting brute force ssh login attempts

[Shri Shrikumar <shri@kraya.co.uk>]

Hi Peter,

Peter Colton wrote:
> A handy tool I use to cut down on ssh brute force attacks is fail2ban :  You 
> can install  it from backports.org. 
> Add the backport url to your sources.list
> http://www.backports.org/dokuwiki/doku.php?id=instructions
> Then after you have installed fail2ban comment out www.backports.org url in 
> your apt sources.list so that you will not bring in any unwanted packages in 
> the future.
>
> http://fail2ban.sourceforge.net/wiki/index.php/README
> http://www.ducea.com/2006/07/03/using-fail2ban-to-block-brute-force-attacks/
> http://www.debianhelp.co.uk/fail2ban.htm
>   

Thank you. That looks like a useful tool. I have already installed it on 
one server to see how it goes. Is there some way of also automatically 
reporting these ip's so that whoever is responsible for that server is 
alerted to a worm or whatever might be causing this?


Shri

--
Shri Shrikumar
Technologist Extraordinaire
Kraya

t: 0845 644 4745
d: 0131 247 8021
f: 0131 478 7377
w: www.kraya.co.uk