… or at least slow them down (using iptables on Linux)
When having a server with the port 22 open to the internet, you will find a sheer endless n...
It would be good to not forget about IPv6 too:
Thank you very much, I updated the snippet in the post 👍
BIG WARNING HERE!
If someone tries that and doesn't add his IP as whitelisted (1.2.3.4 example), SSH connections won't be blocked, but they won't be accepted either...
It's needed to add this line after the iptables -A SSH_CHECK rules:
iptables -A SSH_CHECK -p tcp --dport 22 -j ACCEPT
Please update the example.
Anyway, thanks for this useful post!
You are right, this should be made explicit. In my case it was working, as my default for iptables was to accept packages, but I did not state this anywhere in my blog post. I will update the snippet to the one you posted in the other comment. Good catch and thanks for your valuable input 👍
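A check for the failure mode discussed in the exchange above, as an added example that is not from the original post or its comments: it reads a ruleset in `iptables -S` format and reports whether SSH connections that pass through SSH_CHECK without matching any rule are still accepted. The sample rulesets are constructed, and the `-m recent` rate-limit rules in them are an assumption, since the post's snippet is not reproduced on this page.

```shell
#!/bin/sh
# Reads `iptables -S` output on stdin and classifies the SSH_CHECK chain:
#   ok               unmatched SSH traffic is still accepted
#   lockout-risk     unmatched SSH traffic falls through to a non-ACCEPT policy
#   accept-too-early an unconditional ACCEPT precedes other SSH_CHECK rules
# Assumptions: INPUT has no later rule accepting port 22, and an ACCEPT
# without -s is treated as matching every client.
check_ssh_chain() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "SSH_CHECK" {
            if (catchall) early = 1      # rule placed after a catch-all ACCEPT
            src = 0; accept = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-s") src = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (accept && !src) catchall = 1
        }
        END {
            if (early) print "accept-too-early"
            else if (policy == "ACCEPT" || catchall) print "ok"
            else print "lockout-risk"
        }'
}

# Constructed sample: whitelist plus assumed rate-limit rules, no final ACCEPT.
sample_missing_accept() {
    cat <<'EOF'
-P INPUT DROP
-N SSH_CHECK
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j SSH_CHECK
-A SSH_CHECK -s 1.2.3.4/32 -j ACCEPT
-A SSH_CHECK -m recent --set --name SSH
-A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
EOF
}

# Same constructed ruleset with the line from the comment appended.
sample_fixed() {
    sample_missing_accept
    echo "-A SSH_CHECK -p tcp -m tcp --dport 22 -j ACCEPT"
}

echo "missing ACCEPT: $(sample_missing_accept | check_ssh_chain)"
echo "with ACCEPT:    $(sample_fixed | check_ssh_chain)"
```

On a live host the function can be fed with `iptables -S | check_ssh_chain` before the rules are saved, ideally from a session that is already whitelisted.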
Fail2ban jail for creating port 22 (SSH) honeypot
Tired of endless ssh bruteforce attacks? Even if you are using a certificate or have disabled ssh access completely it will catch a whole lot of compromised IPs and consequently stop some other attack vectors on other ports and services. Port 22 is never missed by a port scan either so you might catch some of these too.
github.com/VedranIteh/fail2ban-ssh...
Thanks for the update!
FYI, there is the same post on Medium, which needs an update:
medium.com/@dotbox/block-ssh-brute...
Thanks, I fixed it :-)