How to block script kiddies

So you probably have the same issue as I do: you see '[sshd] ... Invalid user ...' a couple of hundred times a day and would like to stop it. You could write a script which scans /var/log/secure every couple of seconds, or you could do as I did.

First I figured out how to read from syslog in real time. Next came the big one: how to make the whole thing work. I knew that my pipe was working, and the daemon was running, but how to make it work? After some hours the result is actually working, and I only see one entry in my secure syslog per attempt to break in, and also only one entry in iptables (timing is the issue here).

If you're interested in the code, download it: block_idiots_ssh.pl

It should be self-explanatory; otherwise use www.google.com to find out what it does (there are some pretty good Perl sites out there). It is not the prettiest Perl code ever produced, but hey, it is working.
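
One way to implement the approach described above, as an added example that is not the author's block_idiots_ssh.pl. It assumes syslogd writes authpriv messages to a named pipe and handles IPv4 only; the FIFO path, the allow list and the DRY_RUN switch are hypothetical names.

```perl
#!/usr/bin/perl
# Added example, not the author's block_idiots_ssh.pl. Run as root.
use strict;
use warnings;

# Assumed setup: syslogd writes authpriv messages to this named pipe, e.g.
# "authpriv.*  |/var/run/sshd-watch.fifo" in syslog.conf (hypothetical path).
my $src   = shift // '/var/run/sshd-watch.fifo';
my %allow = map { $_ => 1 } qw(127.0.0.1);   # never block these (add your own)
my %blocked;                                 # addresses that already have a rule

# Return the source IPv4 address of an sshd "Invalid user" line, or nothing.
sub offender {
    my ($line) = @_;
    # The user name is chosen by the remote side and may itself contain
    # " from 1.2.3.4", so match the address sshd appends at the end of the line.
    return unless $line =~
        /sshd\[\d+\]: Invalid user .* from (\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?\s*$/;
    my $ip = $1;
    return if grep { $_ > 255 } split /\./, $ip;
    return $ip;
}

# Insert one DROP rule per address; repeated log lines for it are ignored.
sub block {
    my ($ip) = @_;
    return if $allow{$ip} || $blocked{$ip}++;
    my @cmd = ('iptables', '-I', 'INPUT', '-s', $ip, '-j', 'DROP');
    if ($ENV{DRY_RUN}) { print "would run: @cmd\n"; return }
    # List form of system(): no shell is involved, so log text is never parsed
    # as a command line.
    system(@cmd) == 0 or do { warn "iptables failed for $ip\n"; delete $blocked{$ip} };
}

while (1) {
    # open() on a FIFO blocks until a writer appears; EOF means the writer
    # closed it (for example a syslogd restart), so reopen and keep going.
    open(my $in, '<', $src) or die "open $src: $!\n";
    while (my $line = <$in>) {
        my $ip = offender($line) or next;
        block($ip);
    }
    close $in;
    last unless -p $src;    # a regular file (test input) is read once
}
```

To try it without touching the firewall, run it with DRY_RUN=1 set and a file of saved log lines as the argument.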
