Today I got fed up with SSH attacks on my server and decided to set up the DenyHosts app to deal with them. The idea is simple enough: the app scans /var/log/secure (or another log file, if yours is not in the default location) for unsuccessful SSH login attempts. It then decides whether failed attempts from the same IP repeat too often and, if so, puts that IP in the /etc/hosts.deny file to prevent future connections.
In addition, there are some other features, like checking the IP against a database on the web to see if this IP is known for attacks, and so on, but I decided to use only the basic processing for now. We'll see how it goes.
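The scan, count and deny loop described above, as an added Python sketch (not DenyHosts' own code): it counts failed password lines per source IP and returns entries in the "sshd: <ip>" form used in /etc/hosts.deny. The log lines are constructed, and the threshold of 3 and the never_block parameter are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the style of sshd lines in /var/log/secure
# (documentation-range addresses). In the fourth line the username itself
# contains the text "from <ip>", which a loose pattern would miscount.
SAMPLE_LOG = """\
Mar  3 10:01:12 host sshd[2201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:15 host sshd[2201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:19 host sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Mar  3 10:01:25 host sshd[2204]: Failed password for invalid user x from 198.51.100.23 port 1 ssh2 from 203.0.113.7 port 40130 ssh2
Mar  3 10:02:40 host sshd[2210]: Failed password for alice from 198.51.100.23 port 51544 ssh2
Mar  3 10:02:52 host sshd[2210]: Accepted password for alice from 198.51.100.23 port 51544 ssh2
Mar  3 10:05:03 host sshd[2230]: Failed password for invalid user test from 192.0.2.99 port 33810 ssh2
"""

# The username is remote-controlled text, so anchor at end of line and keep
# ".*" greedy: the address captured is the last one, written by sshd itself.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\S+) port \d+ ssh2$"
)

def failed_counts(log_text):
    """Count failed SSH password attempts per source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            # IPv4 only in this sketch; anything else is skipped.
            counts[str(ipaddress.IPv4Address(m.group(1)))] += 1
        except ValueError:
            continue
    return counts

def deny_entries(log_text, threshold=3, never_block=()):
    """Return hosts.deny lines for addresses at or above the threshold."""
    counts = failed_counts(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in never_block]

if __name__ == "__main__":
    for entry in deny_entries(SAMPLE_LOG):
        print(entry)
```

Passing your own address in never_block keeps a few mistyped passwords from locking you out of the server.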