Comments on: 5 Best Practices to Prevent SSH Brute-Force Login Attacks in Linux

By: Defying Demon

Defying Demon — Wed, 07 Jun 2023 22:08:30 +0000

In reply to Rogacz.

I love Tecmint’s Linux content and I’ll like to receive such useful content more in the future.

By: Ravi Saive

Ravi Saive — Tue, 27 Sep 2022 04:50:46 +0000

In reply to Rogacz.

@Rogacz,

Thanks for sharing the tip…

By: Rogacz

Rogacz — Mon, 26 Sep 2022 08:26:52 +0000

I found that disabling old Algorithms Ciphers and Mac (see: https://infosec.mozilla.org/guidelines/openssh ) also helps as those auto attacks try to use old clients and fail on trying to negotiate the connection.

By: Scott

Scott — Tue, 28 Dec 2021 19:17:02 +0000

# cat /etc/redhat-release
CentOS Linux release 8.5.2111

# rpm -qa | grep epel-release
epel-release-8-13.el8.noarch

# yum install denyhosts
No match for argument: denyhosts

By: Seann Giffin

Seann Giffin — Sun, 15 Oct 2017 01:01:43 +0000

This is good. I took it one step further too. I took all the blocklists maintained by http://www.wizcrafts.net/iptables-blocklists.html and saved them into a single file, then wrote this shell script to filter the comments out of the list and use iptables to block entire ranges:

#/bin/bash
file="wiznets.txt"

while read line; do
    echo " "
    echo "Current Line: $line"
    if [[ ${line:0:1} == [0-9]* ]]; then        
        iptables -I INPUT -s $line -j DROP
        echo "$line is a valid IP range. Added to iptables block list."
    else
        echo "$line was skipped. Not a valid IP."
    fi
done <"$file"