Extending Advanced Policy Firewall with Brute Force Detection

In my previous article I discussed setting up the Advanced Policy Firewall on your servers. So now your servers are protected – but what happens when you get an attack on a legitimate service? SSH? MySQL? Apache? In a series of articles I’ll discuss implementing some best practices to help avoid server nightmares.

SSH – Introducing BFD

BFD (Brute Force Detection) is a modular shell script that parses application logs and checks for authentication failures. In its simplest form, BFD will monitor your SSH log files for potential attacks and take preventative action.

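```bash
# Download and unpack the current BFD release
wget http://www.rfxn.com/downloads/bfd-current.tar.gz
tar zxpfv bfd-current.tar.gz
# The directory name follows the version inside the tarball (1.4 here)
cd bfd-1.4/
# Run the installer
sh install.sh
```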

That’s it. The default options are perfect to use with APF. It will block an attacker’s IP after 15 incorrect login attempts.
Feel free to edit the config file if you want your Inbox full of emails telling you it’s blocked someone. Trust me, you’ll get fed up of it in 15 minutes.
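
To show the kind of check described above, here is an added example (not BFD's own code or rules) that counts failed SSH logins per source address and lists the sources that reach the article's threshold of 15. The function names, the log lines and the addresses are constructed for the example.

```bash
#!/bin/sh
# Added illustration, not BFD's code or rules.
THRESHOLD=15   # block threshold stated in the article

# Constructed sample log; addresses are RFC 5737 documentation ranges.
sample_log() {
    i=1
    while [ "$i" -le 15 ]; do
        printf 'Mar  3 10:00:%02d host sshd[2001]: Failed password for root from 203.0.113.7 port 40000 ssh2\n' "$i"
        i=$((i + 1))
    done
    i=1
    while [ "$i" -le 3 ]; do
        # A user name containing a space shifts any field counted from the left.
        printf 'Mar  3 10:01:%02d host sshd[2002]: Failed password for invalid user test user from 198.51.100.9 port 41000 ssh2\n' "$i"
        i=$((i + 1))
    done
    # Successful logins must not be counted.
    printf 'Mar  3 10:02:00 host sshd[2003]: Accepted password for deploy from 192.0.2.10 port 42000 ssh2\n'
}

# Read sshd syslog lines on stdin and print "count address" for every source
# whose failure count reaches the limit given as $1.
offenders() {
    awk -v limit="$1" '
        # The user name is untrusted text, so the address is read by its
        # position from the END of the line: "... from ADDR port N ssh2".
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            fails[$(NF-3)]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= limit) print fails[ip], ip
        }' | sort -k2
}

sample_log | offenders "$THRESHOLD"   # prints: 15 203.0.113.7
```

The address with only three failures stays below the threshold and is not listed; a firewall rule would be added only for the addresses this prints.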

Author: Kieran Barnes

Kieran is a PHP developer with 15 years commercial experience. Specialist in WordPress, CakePHP, CubeCart and all things PHP.
