Fight Brute Force Attacks with DenyHosts

A Brute force attack is a particularly sinister way for those with malicious intent to gain access to your server.  The premise of this type of attack is to ultimately have root access in order to accomplish whatever goal the attacker may have.  To do this, the attacker typically uses software that attempts to guess your password through multiple failed login attempts.  If there is no security in place, these failed login attempts could continue indefinitely until it guesses correctly.

The first and most important way to defend your server from a brute force attack is to have a strong password, one that is not easy to guess using dictionary software.  After that you can take other security measures, such as using DenyHosts.

DenyHosts is a script that helps stop SSH brute force attacks.  It monitors logs to find any brute force attempts.  Any host that exceeds the specified number of failed login attempts is added to the “evil hosts” list.  For those hosts that are known to be attackers, DenyHosts adds them to /etc/hosts.deny to prevent them from making future login attempts.  It keeps a history log of all suspicious and known malicious attempts, and it also can optionally notify you of this activity.

DenHosts is free and open source software, released under the GNU General Public License.  You can download it for your server from the project’s website.  You may also find binary packages for it in various Linux distribution and BSD repositories.