Howto block scripts kiddie’s

By On 18. August, 2005 · Leave a Comment · In computers, howto, software

So you probably have the same issue as I do – you see ‘[sshd] … Invalid user … ‘, a couple of hundred times a day. And would like to stop that, well you could write a script which scannes the /var/log/secure every couple of seconds, or you could do as I did.

First I figured out how to read from syslog in realtime. Next came the big one, how to make the whole thing work. Well I knew that my pipe was working, and the daemon thing – well it was running, but howto make it work. After some hours the result is actually working, and I only see one entry in my secure syslog per attempt to break in, and also only one entry in iptables (timing is the issue here).

If you’re interested in the code download it block_idiots_ssh.pl

It should be self explaining, otherwise use www.google.com to find out what it does (there are some pretty good perl sites out there) – not the most pretty perl code ever produced, but hey it is working.

 
If you enjoyed this article, please consider sharing it!
Reddit Facebook Twitter Delicious Mixx StumbleUpon Digg

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

*
To prove you're a person (not a spam script), type the security text shown in the picture. Click here to regenerate some new text.
Click to hear an audio file of the anti-spam word

Set your Twitter account name in your settings to use the TwitterBar Section.