[rhn-users] Login
Lee Capps
lcapps at cteresource.org
Fri Dec 8 17:18:09 UTC 2006
On Dec 8, 2006, at 8:49 AM, Philippe B. Laval wrote:
> Thanks to all the suggestions I got. I am not a security expert on
> systems,
> but I have learned some since my system has been attacked. Hackers
> usually
> attack a system from other systems. When they have been discovered
> attacking from a system, they'll switch to a new one. Therefore,
> the IP
> addresses from which they attack are never the same. However, they
> can be
> spotted. Usually, the logs will show a specific IP address either
> trying to
> log into a single account repeatedly (meaning they are trying various
> passwords) or trying various accounts (meaning the hacker is trying
> to find
> an existing account on the machine). I was hoping (am hoping) that
> there is
> some software who can track this. When a login fails, the software
> should
> be able to determine if that IP is a legitimate user who just typed
> the
> wrong password or somebody conducting a systematic attack of the
> system.
> Does such a protection exist?
There is a python script called DenyHosts that does something like
what you're asking for:
http://denyhosts.sourceforge.net/faq.html
Best,
---
Lee Capps
Technology Specialist
lcapps at cteresource.org
More information about the rhn-users
mailing list