BASH script that detects illegal login attempts
Latest commit 578435a Mar 10, 2011 @raducotescu added # for a comment
Failed to load latest commit information.


This script allows you to automatically ban IPs from which your SSH server
receives incorrect login requests (typically brute-force attempts). The IPs
are kept in a file for further reference and each time a new IP is identified
the script will try to notify the ISP by sending an automated email (if sendmail
or any of its replacements that provide a similar interface are available - e.g.

1. Dependencies
Dependencies for sending emails: any MTA which provides a sendmail interface.

2. Configuration
For a list of configuration parameters check the script's content.

To make the script run automatically, use a cron job similar to the following:
	# this will run the script every 5 minutes
	*/5 * * * * ~/bin/
If you would also like to have a log with the script's output, modify the cron
job like this:
	*/5 * * * * ~/bin/ >> ~/bin/SSH-scanner.log
SSH-scanner.log should be a different file than the one specified inside the
script, in the $logfile parameter (that would be the log file where the sshd
daemon writes its entries) or in the $iplist one (that file is the file where
all the attacker's IPs are kept for future reference).

3. Tips and tricks
If you would like to permanently ban the gathered IP addresses from which the
script has discovered illegal login attempts, then at every boot you would have
to run a script that DROPs all traffic from each IP in the list using iptables.