ssh attack

DenyHosts monitors server logs and bans ips that exceed a certain number of failed logins. It is an effective security tool, written in python, this software helps to prevent brute force attacks on a virtual server.

Install DenyHosts

sudo rpm -Uvh http://mirror.metrocast.net/fedora/epel/6/i386/epel-release-6-8.noarch.rpm
sudo yum install denyhosts

Whitelist IP Addresses

Edit the file : hosts.allow

nano /etc/hosts.allow

Under the description, add in any IP addresses that cannot afford to be banned from the server; you can write each one on a separate line, using this format:

sshd: 123.456.789.012

Apply the deny rule to all the other ips

We need to block everything by editing the following file:

$ nano /etc/hosts.deny
sshd: ALL   **

Restart DenyHosts

After making any changes, be sure to restart DenyHosts so that the new settings take effect on your virtual server:

/etc/init.d/denyhosts restart

Check denyhosts ssh logs to know how many attackers and hackers are attempted to gain access to your server use the following command:

# tail -f /var/log/secure