How to block script kiddies

Written on 18. August, 2005 – 8:07 pm | by Casper |

So you probably have the same issue as I do – you see ‘[sshd] … Invalid user … ‘ a couple of hundred times a day, and would like to stop that. Well, you could write a script which scans /var/log/secure every couple of seconds, or you could do as I did.

First I figured out how to read from syslog in real time. Next came the big one: how to make the whole thing work. Well, I knew that my pipe was working, and the daemon thing – well, it was running, but how to make it work? After some hours the result is actually working, and I only see one entry in my secure syslog per attempt to break in, and also only one entry in iptables (timing is the issue here).

If you’re interested in the code, download it: block_idiots_ssh.pl

It should be self-explanatory; otherwise use www.google.com to find out what it does (there are some pretty good Perl sites out there) – not the prettiest Perl code ever produced, but hey, it is working.
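
The approach described above (read sshd messages from a syslog pipe, add one iptables rule per offending address) is shown here as an added Python example; it is not the author's block_idiots_ssh.pl. The function names, the FIFO passed as the first argument and the sample log lines are assumptions made for illustration.

```python
import ipaddress
import re
import subprocess
import sys

# The user name in this sshd message is attacker-controlled, so only the
# address is captured: the greedy ".*" and the end anchor pick the last " from".
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user .* from (\S+)(?: port \d+)?\s*$")

def offending_ip(line):
    """Return the source address of an 'Invalid user' line, or None."""
    m = INVALID_USER.search(line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group(1)))  # rejects non-addresses
    except ValueError:
        return None

def drop_command(ip):
    """Build the firewall command as an argv list, so no shell parses it."""
    tool = "ip6tables" if ":" in ip else "iptables"
    return [tool, "-I", "INPUT", "-s", ip, "-j", "DROP"]

def watch(lines, blocked, run=subprocess.run):
    """Block each new offender once; return the addresses newly blocked."""
    added = []
    for line in lines:
        ip = offending_ip(line)
        if ip is None or ip in blocked:
            continue  # not a match, or already blocked during this run
        blocked.add(ip)
        run(drop_command(ip), check=False)
        added.append(ip)
    return added

# Constructed sample lines (documentation addresses), not from a real log.
SAMPLE = [
    "Aug 18 20:01:02 host sshd[4021]: Invalid user admin from 203.0.113.5\n",
    "Aug 18 20:01:03 host sshd[4021]: Invalid user test from 203.0.113.5\n",
    "Aug 18 20:01:04 host sshd[4030]: Accepted password for alice from 192.0.2.10 port 51122 ssh2\n",
    "Aug 18 20:01:05 host sshd[4033]: Invalid user x from 127.0.0.1 from 198.51.100.7 port 40022\n",
    "Aug 18 20:01:06 host sshd[4040]: Invalid user y from 10.0.0.1;reboot\n",
]

if __name__ == "__main__":
    # Assumption: syslog writes auth messages to the FIFO named in argv[1].
    with open(sys.argv[1]) as fifo:
        watch(fifo, set())
```

Pass a stub as `run` to see which commands would be issued for a set of log lines without touching the firewall.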
