Blocking IP-addresses


Henrik
02-17-2007, 11:36 AM
Hello,


I'm having some bot(s) trying to bruteforce my server, how can I block these IP-addresses in an easy way?

I know that this is automated, but I still want them gone to not fill up my logs.

Any advice? Can I go into the firewall and block them there without having the firewall running?



Feb 11 05:13:09 boxname sshd[27919]: Failed password for root from 189.136.243.242 port 48690 ssh2
Feb 11 05:13:12 boxname sshd[27972]: Failed password for root from 189.136.243.242 port 48748 ssh2
Feb 11 05:13:14 boxname sshd[28020]: Failed password for root from 189.136.243.242 port 48808 ssh2

rone
02-17-2007, 02:50 PM
BFD (Brute Force Detection) is not included in your Interworx panel, but you can easily install it yourself. See the HowTo under the line in this message. If you want to block an IP manually, just go into Interworx/Nodeworx, go to "Server" in your menu and then to "Firewall". In the rightmost section of the panel you will see the second box, "Blocked IP's". Insert the IP that you wish to block there, push Update, and you are ready.

NOTE! Without a script like the one above, a brute-force attack will NOT get its IPs blocked automatically!

---------------------------------------------------------------

Interworx doesn't have BFD, but you can install it very easily and it works with your Interworx firewall.

Here is a simple HowTo for BFD.

HowTO:

Install BFD (Brute Force Detection)
Log in via SSH as root.
# cd /root/downloads
# wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
# tar -xvzf bfd-current.tar.gz
# cd bfd-0.9
# ./install.sh

After installing BFD, change the following:
# nano /usr/local/bfd/conf.bfd

Scroll down:
ALERT_USR="0"
Change to:
ALERT_USR="1"

Search for:
EMAIL_USR="root"
Change to:
EMAIL_USR="your@email.nl"

Save file:
ctrl+x "yes" [ENTER]

Start BFD:
# /usr/local/sbin/bfd -s
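
Added example, not part of the original posts and not BFD's own code: a minimal sketch of the kind of log check a brute-force detector performs, counting `Failed password` lines per source address in the sshd format Henrik quoted. The sample log, the threshold of 3 and the `allow` list (for addresses that must never be blocked, such as an updates server) are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the sshd format quoted in the thread; addresses are
# from the documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24).
SAMPLE_LOG = """\
Feb 11 05:13:09 boxname sshd[27919]: Failed password for root from 203.0.113.7 port 48690 ssh2
Feb 11 05:13:12 boxname sshd[27972]: Failed password for root from 203.0.113.7 port 48748 ssh2
Feb 11 05:13:14 boxname sshd[28020]: Failed password for root from 203.0.113.7 port 48808 ssh2
Feb 11 05:14:01 boxname sshd[28101]: Failed password for invalid user admin from 198.51.100.23 port 40112 ssh2
Feb 11 05:14:30 boxname sshd[28150]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 198.51.100.23 port 40120 ssh2
Feb 11 05:15:02 boxname sshd[28200]: Accepted password for henrik from 192.0.2.50 port 51000 ssh2
"""

# The user name is chosen by the client and may itself contain " from <ip> port",
# so match greedily and anchor on the end of the line: only the last
# "from ... port ... ssh2" is written by sshd itself.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$"
)


def failed_counts(log_text):
    """Count failed password attempts per source IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            source = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not an IP literal; never pass unvalidated text to a firewall
        counts[str(source)] += 1
    return counts


def offenders(log_text, threshold=3, allow=()):
    """Return sorted IPs with at least `threshold` failures, minus the allowlist."""
    counts = failed_counts(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold and ip not in allow)


if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG):
        print("candidate for the firewall block list:", ip)
```

The fifth sample line shows why the pattern is anchored at the end of the line: a parser that takes the first `from <ip>` it finds would attribute that failure to 192.0.2.1, an address that never connected.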

Henrik
02-17-2007, 02:53 PM
Thank you very much for this information, Rone! However, I am hesitant to install it because I don't want any compatibility issues, especially not with the upgrade coming - sometime.

rone
02-17-2007, 03:41 PM
It is a standalone script that sends the data to the APF firewall; when the upgrade comes it surely won't give any conflicts with V3.

Maybe someone from Interworx will confirm this?

Henrik
02-17-2007, 03:42 PM
That's what I'd like to hear/read too ;)

IWorx-Socheat
02-17-2007, 04:02 PM
Confirmed! :) There shouldn't be any problems with having BFD installed. Unless of course it somehow ends up blocking the updates server, but I can't see how that would happen.

Henrik
02-18-2007, 07:07 AM
Thanks for the info Socheat! :)

Henrik
04-01-2007, 07:35 AM
Can I have the APF firewall disabled and still run BFD?

rone
04-01-2007, 07:49 AM
No, that isn't possible. But why would you disable your firewall? Are you tired of a secured server?

Henrik
04-01-2007, 01:04 PM
It was more of a general question :)

Henrik
05-25-2007, 07:48 PM
Start BFD:
# /usr/local/sbin/bfd -s

Does the above enable bfd to start with the server?

daveyw
05-25-2007, 08:14 PM
Henrik:

Follow these instructions and it will work, I used them too.
HowTO:

Install BFD (Brute Force Detection)
Log in via SSH as root.
# cd /root/downloads
# wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
# tar -xvzf bfd-current.tar.gz
# cd bfd-0.9
# ./install.sh

After installing BFD, change the following:
# nano /usr/local/bfd/conf.bfd

Scroll down:
ALERT_USR="0"
Change to:
ALERT_USR="1"

Search for:
EMAIL_USR="root"
Change to:
EMAIL_USR="your@email.nl"

Save file:
ctrl+x "yes" [ENTER]

Start BFD:
# /usr/local/sbin/bfd -s

Henrik
05-25-2007, 08:17 PM
I followed 'em, thanks! :) I only wonder if BFD will be started with APF at boot-time...

rone
05-25-2007, 08:38 PM
> I followed 'em, thanks! :) I only wonder if BFD will be started with APF at boot-time...

Not 100% sure, just do:

Start BFD:
# /usr/local/sbin/bfd -s

Then you know for sure it works.