Extending Advanced Policy Firewall with Brute Force Detection
In my previous article I discussed setting up the Advanced Policy Firewall on your servers. So now your servers are protected - but what happens when a legitimate service comes under attack? SSH? MySQL? Apache? In a series of articles I'll discuss implementing some best practices to help avoid server nightmares.
SSH - Introducing BFD
BFD is a modular shell script for parsing application logs and checking for authentication failures. In its simplest form BFD will monitor your SSH log files for potential attacks and take preventative action.
- wget http://www.rfxn.com/downloads/bfd-current.tar.gz
- tar zxpfv bfd-current.tar.gz
- cd bfd-1.4/
- sh install.sh
That's it. The default options are perfect to use with APF. It will block an attacker's IP after 15 incorrect login attempts.
Feel free to edit the config file if you want your Inbox full of emails telling you it's blocked someone. Trust me, you'll get fed up of it in 15 minutes.
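To make concrete what a log-parsing blocker of this kind does, here is an added example (not BFD's own code and not from the original article) that counts failed SSH password attempts per source address in constructed sample log lines and reports addresses at or above the 15-attempt threshold mentioned above. The function names `offenders` and `sample_log`, the host name `web1` and the addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not BFD's code: count failed SSH password attempts
# per source address and report addresses at or above a threshold.

# offenders LIMIT < logfile  ->  prints "ADDRESS COUNT" per offending address
offenders() {
    awk -v limit="$1" '
        # sshd ends these lines with "from ADDRESS port N ssh2". The user
        # name earlier in the line is chosen by the client, so the address
        # is read from the fixed tail of the line, not the first "from".
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" &&
        $(NF-3) ~ /^[0-9A-Fa-f:.]+$/ { fails[$(NF-3)]++ }
        END {
            for (ip in fails)
                if (fails[ip] >= limit + 0) print ip, fails[ip]
        }
    ' | sort
}

# Constructed sample log (documentation addresses, hypothetical host "web1").
sample_log() {
    i=1
    while [ "$i" -le 15 ]; do   # 15 failures from one address
        echo "Jan 10 03:14:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port $((40000 + i)) ssh2"
        i=$((i + 1))
    done
    i=1
    while [ "$i" -le 3 ]; do    # 3 failures: below the threshold
        echo "Jan 10 03:20:05 web1 sshd[2188]: Failed password for invalid user admin from 198.51.100.23 port $((50000 + i)) ssh2"
        i=$((i + 1))
    done
    # A user name that itself contains "from ADDRESS" must not shift the count.
    echo "Jan 10 03:21:09 web1 sshd[2190]: Failed password for invalid user x from 192.0.2.1 from 198.51.100.23 port 50010 ssh2"
    # Successful logins are ignored.
    echo "Jan 10 03:25:00 web1 sshd[2201]: Accepted password for deploy from 198.51.100.23 port 50020 ssh2"
}

# 15 is the default threshold the article describes.
sample_log | offenders 15
```

On a real server the input would be the system's SSH authentication log, whose path varies by distribution.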