Fun with DenyHosts

06 Feb 2006

RubyForge has always been plagued by dictionary attacks - scripts that hit the SSH port 10K times a day trying to guess passwords. This wastes resources and, more annoyingly, causes the logwatch reports to be huge. They were getting up to 500-600 KB per day.

So I set up DenyHosts, which monitors secure.log and adds apparent attackers to hosts.deny. This was just what the doctor ordered; my logwatch reports have gone down to a much more maneagable 10K. A couple of things:

Props to Phil Schwartz for writing such a fine app. I intend to make a donation; it's definitely worth it.