Block brute-force attack using lastb and iptables

http://serverfault.com – Using the Linux lastb command, I found that my server is being brute-force attacked from many different IPs around the world! I have developed a script to detect brute-force attackers with lastb and block them with iptables. Here is the script:

    #!/bin/bash
    cd /root/
    windowSize=100
    tresh=10
    lastb | head -n $windowSize | awk '{print $3}' | uniq -c > .ips
    nlines=`wc .ips -l | awk '{print $1}'`
    END=`expr $nlines - 1 `
    for i in `seq 0 $END`; do
        range=`expr $nlines - $i`
        count=`tail .ips -n $range | head -n 1 | awk '{print $1}'`
        if [ $count -gt $tresh ] ; then
            IP=`tai

(HowTos)
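The lastb-then-iptables approach described in the post, as an added example that is not the original poster's script: it tallies failed logins per source address across the whole window, so attempts from one address are summed even when they are interleaved with others, and it prints the iptables commands instead of running them. The function names, the constructed lastb lines and the choice of a DROP rule on the INPUT chain are assumptions made here.

```shell
#!/bin/bash
# Added example, not the original poster's script.
WINDOW=100   # most recent failed logins to inspect
THRESH=10    # block a source with more failures than this

# Constructed sample in lastb's column layout (user, tty, host, time).
# 203.0.113.7 fails 12 times, interleaved with 4 failures from 198.51.100.9.
sample_lastb() {
    for i in 1 2 3 4; do
        for j in 1 2 3; do
            echo "root     ssh:notty    203.0.113.7      Mon Jan  1 10:0$i - 10:0$i  (00:00)"
        done
        echo "admin    ssh:notty    198.51.100.9     Mon Jan  1 10:0$i - 10:0$i  (00:00)"
    done
    echo
    echo "btmp begins Mon Jan  1 09:00:00 2024"   # trailer line lastb prints
}

# offenders WINDOW THRESH
# Reads lastb output on stdin and prints "count ip" for every IPv4 source
# with more than THRESH failures. Hostnames and the trailer are ignored.
offenders() {
    head -n "$1" | awk -v t="$2" '
        $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$3]++ }
        END { for (ip in n) if (n[ip] > t) print n[ip], ip }
    ' | sort -rn
}

# block_rules
# Turns "count ip" lines into iptables commands. "-C" checks whether the
# rule already exists, so repeated runs do not pile up duplicate rules.
block_rules() {
    while read -r _count ip; do
        printf 'iptables -C INPUT -s %s -j DROP 2>/dev/null || iptables -I INPUT -s %s -j DROP\n' "$ip" "$ip"
    done
}

# Dry run on the constructed sample: prints the commands, changes nothing.
sample_lastb | offenders "$WINDOW" "$THRESH" | block_rules
```

On a live host, replace `sample_lastb` with `lastb` (which needs root) and review the printed commands before piping them to a root shell.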