VPS class=”stripstr”> VPS force attack on the DenyHosts">Linux VPS to stop SSH brute VPS class=”stripstr”> VPS force attack on the DenyHosts
1, download and unzip DenyHostsLinux VPS to stop SSH brute force attack on the DenyHosts
# How long after the removal has been prohibited by
# Python setup.py install
The default is installed into / usr / share / denyhosts / directory into the appropriate directory to modify configuration files
PURGE_DENY = 5m
# Allow root of the number of failed login
DENY_THRESHOLD_VALID = 10
BLOCK_SERVICE = sshd
# Whether to do domain inverse solution
Now the Internet is very insecure, many people have nothing to Take the number of scanners scan ssh port, and then attempts to connect to ssh brute-force port (exhaustive scan), it is proposed that vps hosting space, try to set up a complex ssh login password, although the Linux VPS was introduced some time ago to prohibit the use of an IP access hosts.deny prohibit certain IP access, but the lack of functionality, such as: does not automatically shield, then what better way to do, you can use this software in denyhosts It will analyze / var / log / secure (redhat, Fedora Core) and other log file, when discovered during the same IP multiple SSH password attempts will be recorded when the IP to / etc / hosts.deny files, so as to achieve automatic shielding of the IP purposes.
If you want DenyHosts start automatically after each restart needed to make the following settings:
# Cd / etc / init.d
# Ln-s / usr / share / denyhosts / daemon-control denyhosts
# Chkconfig-add denyhosts
# Chkconfig-level 2345 denyhosts on
Or execute the following commands will modify the / etc / rc.local file:
# Echo 鈥/ usr / share / denyhosts / daemon-control start鈥>> / etc / rc.local
DENY_THRESHOLD_ROOT = 5
# sshd log file, which is the basis of this document to determine, different operating systems, the file name is slightly different.
HOSTNAME_LOOKUP = NO
# Prohibited by service name
For more instructions please see the README text file that comes with good maintenance of VPS would be the future of the province, some heart, but you VPSer the attention of the security is relative Oh, there is no absolute safety, please check your regular or irregular The VPS host, but also to regularly back up your data oh.
SECURE_LOG = / var / log / secure
# Cd / usr / share / denyhosts /
# Cp denyhosts.cfg-dist denyhosts.cfg
# Cp daemon-control-dist daemon-control
# Allow ordinary users to log the number of failed
The default setting for centos system environment already, you can use the vi command look denyhosts.cfg and daemon-control, which are explained in detail
Then use the following command to start denyhosts program
# Chown root daemon-control
# Chmod 700 daemon-control
#. / Daemon-control start
DAEMON_LOG = / var / log / denyhosts
2, installation, configuration and start
# Wget http://soft.vpser.net/security/denyhosts/DenyHosts-2.6.tar.gz
# Tar zxvf DenyHosts-2.6.tar.gz
# Cd DenyHosts-2.6
DENY_THRESHOLD_INVALID = 1
HOSTS_DENY = / etc / hosts.deny
DenyHosts鈥檚 official website: http://denyhosts.sourceforge.net/
DenyHosts configuration file denyhosts.cfg Description:
# Control user login file
# Allow the number of invalid user failedLinux VPS to stop SSH brute force attack on the DenyHosts
Article Source : Linux VPS to stop SSH brute force attack on the DenyHosts
Linux VPS to stop SSH brute force attack on the DenyHostsLinux VPS to stop SSH brute VPS force attack on the DenyHosts