2nd
Nov.
Comments:
Disabled
Distributed SSH brute force blocker
So I got bored and wrote a script that parses a list displayed on my site.
So now you ask... what is it for? This list is generated from failed SSH brute force attempts. When the offending IP is banned, it is then added to the publicly available "ban list" which is then parsed by a secondary script, that then load's the offending IP address's into your iptables DROP list.
As of this post, the crontab script is still in a pretty beta form, and has no mechanism to check iptables to see if the IP is already listed. I will add additonal features as time permits.
2009-10-31 09:07:00,378SSH: Ban 220.225.237.146 2009-10-31 12:42:10,689SSH: Ban 91.144.140.98 2009-10-31 15:56:17,545SSH: Ban 78.157.32.5 2009-10-31 16:21:03,604SSH: Ban 59.41.254.83 2009-10-31 16:38:05,651SSH: Ban 59.41.254.83 2009-11-01 06:17:37,020SSH: Ban 121.156.220.22 2009-11-01 07:57:28,239SSH: Ban 61.129.60.23 2009-11-01 15:47:24,896SSH: Ban 87.229.24.95 2009-11-02 15:34:16,857SSH: Ban 66.6.136.12 2009-11-02 15:34:25,538SSH: ReBan 66.6.136.12 2009-11-02 16:32:29,900SSH: Ban 174.36.147.228 2009-11-02 16:50:17,741SSH: Ban 207.210.78.28 2009-11-02 16:52:22,754SSH: Ban 202.67.230.10 2009-11-02 16:53:07,770SSH: Ban 203.204.104.37 2009-11-02 17:01:00,823SSH: Ban 117.40.161.37 2009-11-02 22:20:36,053SSH: Ban 69.65.40.207 2009-11-02 22:20:42,298SSH: ReBan 69.65.40.207 2009-11-03 01:55:36,737SSH: Ban 202.76.67.45 2009-11-03 06:09:53,388SSH: Ban 194.224.170.134 2009-11-03 09:01:40,395SSH: Ban 125.64.12.30 2009-11-03 20:35:12,667SSH: Ban 66.0.60.22 2009-11-03 20:58:41,433SSH: Ban 66.0.60.22 2009-11-03 21:07:52,533SSH: Ban 94.102.5.98 |
Block These IP's from your server (download)
More details, and code edits/updates to come.. If you would like to submit feedback, please contact me via [tim\.galyean\{@}gmail\.com]