'autodeny': the hosts.deny file-generating Ruby script

My machine is on the net, all the time. It's just the way I want it to be. But apparently there is some zombie/script out there that just runs a brute-force attack against ssh and ftpds.

I see this thing being run against my machine all the time. What's sad is that it's the same tired old user list every time. It's just a waste of my bandwidth.

So I tire of watching the logs and editing up my hosts.deny file by hand to stop the attacks. Laziness, being one of the virtues of a great programmer, told me to write a script so that I wouldn't have to do that any more.

I wrote my script as an exploratory exercise in Ruby. Turns out my script is simple and effective. So effective, in fact, that I run it on my machine every 5 minutes at this point.

Basically it scans /var/log/messages and /var/log/secure for a set of messages that daemons log when they have invalid login attempts. If I get more than a threshold amount of these attacks from a certain host, it gets flagged and goes in /etc/hosts.deny.

Simple.
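The scan-and-threshold logic described above, sketched as an added example (it is not the author's autodeny.rb). The message patterns are assumed OpenSSH formats, the log lines are constructed, and `count_failures`, `deny_lines` and the `allow` list are hypothetical names; the functions return the entries instead of writing /etc/hosts.deny.

```ruby
require 'ipaddr'

# Assumed OpenSSH failure messages; add your ftpd's failure line here.
# Each pattern is anchored at end of line and the username match is greedy,
# so a "from <ip>" typed into the username field is never taken as the peer.
PATTERNS = [
  /sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+(?: ssh2)?\s*\z/,
  /sshd\[\d+\]: Invalid user .* from (\S+)(?: port \d+)?\s*\z/
].freeze

# Count failed-login lines per source address (IPv4 only in this sketch).
def count_failures(lines)
  counts = Hash.new(0)
  lines.each do |line|
    m = PATTERNS.lazy.map { |re| re.match(line) }.find { |x| x } or next
    begin
      addr = IPAddr.new(m[1])            # raises unless it parses as an IP
      counts[addr.to_s] += 1 if addr.ipv4?
    rescue IPAddr::Error
      next                               # hostname or junk: ignore the line
    end
  end
  counts
end

# hosts.deny entries for hosts with MORE than `threshold` failures,
# skipping allow-listed addresses and entries already in the file.
def deny_lines(counts, threshold:, existing: [], allow: [])
  counts.select { |_ip, n| n > threshold }.keys
        .reject { |ip| allow.include?(ip) }
        .map    { |ip| "ALL: #{ip}" }
        .reject { |entry| existing.include?(entry) }
end

# Constructed sample log lines (documentation address ranges).
SAMPLE = <<~LOG.lines
  Jan 10 03:12:01 box sshd[4242]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
  Jan 10 03:12:03 box sshd[4243]: Failed password for root from 203.0.113.5 port 51002 ssh2
  Jan 10 03:12:05 box sshd[4244]: Invalid user test from 203.0.113.5
  Jan 10 03:12:07 box sshd[4245]: Invalid user x from 192.0.2.1 from 203.0.113.5 port 51004
  Jan 10 03:15:00 box sshd[4250]: Failed password for bob from 198.51.100.7 port 40000 ssh2
  Jan 10 03:16:00 box sshd[4251]: Accepted password for bob from 192.0.2.9 port 50000 ssh2
LOG

puts deny_lines(count_failures(SAMPLE), threshold: 3) if __FILE__ == $0
```

Putting your own admin address in `allow` keeps a few mistyped passwords from locking you out of the box.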

Without further delay, I present autodeny.rb