BlockHosts 1.0.4


Developer:   Avinash Chopde
Price:  0.00
License:   Public Domain
File size:   20K

BlockHosts is a script to record how many times "sshd" or "proftpd" is being attacked, and when a particular IP address exceeds a configured number of failed login attempts, that IP address is added to /etc/hosts.allow (or optionally to any other file).

Requires Python version 2.3 at a minimum, and runs on Unix-like machines only.

The BlockHosts script is most suitable for home Linux users, who need to keep ssh/ftp ports open.

Blocks IP addresses based on SSH or FTP incoming login failures, by looking at SSHD and ProFTPD logs, and updating hosts.allow as needed.
If you are a Linux user running an SSH server, it is likely that you have been probed by script kiddies, and your daily LogWatch emails will show 100-150 login attempts in a short interval, before they go away.

There is no option in OpenSSH to slow down repeated login attempts coming from one IP address -- logins occur at a pretty fast clip -- one attempt every few seconds.

For a home or small business Linux user at least, it does not make sense to keep the door open for logins for so long. Use this script, and the daily LogWatch email notifications will show only 7-9 login attempts, after which remote hosts start getting "Refused incoming connection" messages.

Then, reading the daily LogWatch emails is not terrifying at all, in fact, it may be fun to see these script kiddies get blocked!

- Be sure to acquaint yourself with material available on the web, related to security, and denial-of-service. In particular, see the discussion in the OpenSSH mailing list related to SSHD blocking and FAIL_DELAY:
- Make your sshd/proftpd configurations as tight as possible. For example, for sshd, turn off root logins (PermitRootLogin) and use the AllowUsers keyword so that only one or a select few usernames are accepted. As far as possible, avoid common usernames; make even the user names hard to guess. For ProFTPD, use /etc/ftpusers, which contains the names of users that will not be allowed to use FTP; root should be in there.
- Last, but not least - always use strong passwords! That is the only real protection.

blockhosts.py scans system logs, and looks for failed login attempts. It keeps a record of the number of times a particular IP address had a failed login. When the count exceeds a configured value, that IP address is added to /etc/hosts.allow with a deny flag, so the next time that IP address attempts to connect to that box, they will get a refused connection message.
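The counting-and-threshold logic described above, as an added sketch that is not BlockHosts' own code. It assumes OpenSSH's "Failed password ... from <ip> port <n>" message form; the `ALL: <ip> : deny` entry layout, the function names and the `never_block` parameter are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter
from ipaddress import AddressValueError, IPv4Address

# Anchored at the end of the line: the source address is the final
# "from <ip> port <n>", so address-like text inside the username field
# is never taken as the client address. IPv4 only, as on this page.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?$"
)

def count_failures(lines):
    """Count failed sshd logins per IPv4 source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            counts[str(IPv4Address(m.group(1)))] += 1
        except AddressValueError:
            pass  # matched the digit pattern but is not a valid address
    return counts

def deny_lines(counts, threshold, never_block=()):
    """hosts.allow entries for addresses whose count exceeds threshold.

    never_block (hypothetical parameter) lists addresses that must never be
    denied, e.g. your own admin host, so a typo streak cannot lock you out.
    """
    return [f"ALL: {ip} : deny" for ip, n in sorted(counts.items())
            if n > threshold and ip not in never_block]

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = [
    "Jan 10 03:12:01 box sshd[811]: Failed password for root from 203.0.113.5 port 4101 ssh2",
    "Jan 10 03:12:02 box sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 4102 ssh2",
    "Jan 10 03:12:03 box sshd[811]: Failed password for invalid user test from 203.0.113.5 port 4103 ssh2",
    "Jan 10 03:12:04 box sshd[811]: Failed password for invalid user x from 192.0.2.1 port 1 from 203.0.113.5 port 4104 ssh2",
    "Jan 10 03:12:05 box sshd[812]: Failed password for alice from 198.51.100.7 port 5001 ssh2",
    "Jan 10 03:12:06 box sshd[813]: Accepted password for alice from 198.51.100.7 port 5002 ssh2",
] + ["Jan 10 03:13:00 box sshd[814]: Failed password for bob from 192.0.2.10 port 6001 ssh2"] * 4

if __name__ == "__main__":
    print("\n".join(deny_lines(count_failures(SAMPLE_LOG), 3, {"192.0.2.10"})))
```
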

Requirements:
  • Python, version 2.3 or later.
  • TCP_WRAPPERS should be enabled for all services; this allows use of the /etc/hosts.deny and /etc/hosts.allow files.
  • IPv4 addresses are supported; IPv6 is not supported at this time.
  • OpenSSH and proftpd logs can be scanned. Other implementations or services may require adding pattern matching options to the default blockhosts.py configuration; see the appropriate section in the blockhosts.cfg configuration file.

    What's New in This Release:
  • Handling of vsftpd was improved.
  • The documentation on the shortcomings of using blockhosts for vsftpd was updated.

    Download BlockHosts 1.0.4


     http://www.aczoom.com/tools/blockhosts/BlockHosts-1.0.4-1.noarch.rpm
     http://www.aczoom.com/tools/blockhosts/BlockHosts-1.0.4.tar.gz


    Similar software

    DenyHosts 2.6 (by Phil Schwartz)
    DenyHosts is a script intended to be run by Linux system administrators to help thwart ssh server attacks.

    If you've ever looked a

    RWSecure 0.2 (by R. Walz)
    RWSecure application parses the /var/log/secure file for invalid usernames or failed passwords to help protect against brute force an

    Bounce-O-Matic 0.9 (by Kevin Clarke)
    Bounce-O-Matic reads through the system log files at a specified time interval (via cron) and finds unwanted attempted logons

    BruteBlock 0.0.5 (by Alex Samorukov)
    BruteBlock project allows system administrators to block various bruteforce attacks on UNIX services

    sshutout 1.0.3 (by Bill DuPree)
    sshutout is a daemon that periodically monitors log files, looking for multiple failed login attempts via the Secure Shell daemon.

    Fail2ban 0.7.4 (by Cyril Jaquier)
    Fail2ban is a tool that scans logs and bans IP that makes too many password failures

    WebKnock 21 (by Marco Paganini)
    Webknock project is a program that continuously scans Apache's "access" logfile and executes a configurable command when a certain UR

    SSH Rootkit 6 (by timecop)
    SSH Rootkit is a patch for latest version of SSH 1.2 to enable "rootkit" features like incoming/outgoing password logging, "global pa

    NoNox 1.17 (by Jim Youll)
    NoNox watches log files for events such as "failed password".

    When such a pattern is seen several times within a specified time peri

