Blacklisting (and blocking) remote sites - blt.tar.gz (0/1)

Joerg Anslik joerg at anslik.de
Thu Dec 27 14:55:22 PST 2007


Hi all,

you probably also get your logfiles flooded with lines reporting
failed login attempts via ftp or ssh from remote sites.

Although I believe my passwords are safe, I find these entries pretty
annoying, and therefore looked for a way to deny the sites in question
further login attempts using the tcpwrapper config file,
/etc/hosts.allow.

There are many tools out there on the net that manage this task, but I
found them kind of overkill, and many of them require additional
programming languages to be installed on the system. I also found
"port knocking" and related stuff not sufficient for my own humble
needs.

So here's my homebrewed blacklisting toolset, consisting of just two
simple shell scripts and a master configuration file.

If you just want to maintain a blacklist file for remote sites without
blocking them, the "bflogger" script comes in handy. If you want to
deny future access to the sites in the blacklist file, call the
"pnblocker" script to automagically keep your /etc/hosts.allow up to
date.

You can also set up new rules for additional services to be monitored,
the README included in the archive explains how to do just that.

I have tested this stuff for about two weeks now, and I'm still having fun
watching my blacklist file grow and remote sites bouncing off at the
gate.

So, maybe this is what you've been looking for, and due to its small
size, I dare to directly attach the archive to this post.


Enjoy the show

--Joerg
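
The flow the post describes (failed logins in the log, a blacklist of remote addresses, deny rules for /etc/hosts.allow), sketched as an added example; this is not the bflogger or pnblocker code from the attached archive. The function names, the threshold argument, the OpenSSH log-line format and the IPv4-only matching are assumptions, and the sample log is constructed.

```shell
#!/bin/sh
# Added illustration; not the scripts shipped in the archive.

# Constructed sample of sshd log lines (documentation addresses only).
sample_log() {
cat <<'EOF'
Dec 27 14:01:02 host sshd[311]: Failed password for root from 203.0.113.5 port 4242 ssh2
Dec 27 14:01:05 host sshd[311]: Failed password for invalid user admin from 203.0.113.5 port 4243 ssh2
Dec 27 14:01:09 host sshd[312]: Failed password for invalid user test from 203.0.113.5 port 4244 ssh2
Dec 27 14:02:00 host sshd[320]: Failed password for invalid user a b from 198.51.100.7 port 5000 ssh2
Dec 27 14:03:00 host sshd[330]: Accepted password for joerg from 192.0.2.10 port 5100 ssh2
Dec 27 14:04:00 host sshd[340]: Failed password for root from 198.51.100.7 port 5001 ssh2
EOF
}

# Print each IPv4 address with at least $1 failed sshd logins (log on stdin).
# The user name is chosen by the remote client and may contain spaces, so the
# address is read from fixed positions at the END of the line, then validated.
failed_ips() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / && $NF == "ssh2" &&
        $(NF-2) == "port" && $(NF-4) == "from" {
            ip = $(NF-3)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | sort
}

# Turn addresses on stdin into tcpwrapper deny rules, skipping any rule
# already present in the file named by $1 (e.g. a copy of /etc/hosts.allow).
deny_rules() {
    while read -r ip; do
        rule="sshd : $ip : deny"
        grep -qxF "$rule" "$1" 2>/dev/null || printf '%s\n' "$rule"
    done
}

# Demo: block after 3 failures, compared against an empty rules file.
sample_log | failed_ips 3 | deny_rules /dev/null
```

tcpwrappers stops at the first matching rule, so generated lines only take effect when they sit above any broader allow rule for sshd in /etc/hosts.allow.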




