SSH hacked? DenyHosts VS Fail2ban
Mark Haney
mhaney at ercbroadband.org
Wed Jan 14 12:50:24 UTC 2009
Knapp wrote:
> First, I want to point out that DenyHosts has a mode to share break-in info
> and it is disabled by default. It also has a turned off email to the admin
> that would be good for me, because never look at logs; bet that is common
> for most home users too. Not sure what needs to be loaded for the email to
> work.
>
> So it looks like Fail2ban uses ipstables and Denyhosts does not. Not sure
> what that is worth.
>
> So anyone else ??
>
> I am sure we are all able to keep this from a flame war.
>
>
Fail2ban has a email alert system built in (long as mailx is installed)
which not only gives you IP but also does a whois lookup and cats that
to the email. I've used that with procmail to graph offending host IPs
by location. Mostly for giggles, but it's interesting to see the large
majority (80+%) come from Chinese IPs.
--
Frustra laborant quotquot se calculationibus fatigant pro inventione
quadraturae circuli
Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415
Call (866) ERC-7110 for after hours support
More information about the ubuntu-users
mailing list