Recently I found that my Linux server was being scanned and brute-forced on SSH, MySQL and FTP, so I wrote a small script to deal with it. In principle the script works for any service that is exposed to the public network, because the mechanism is very simple: the program reads the log file that records login attempts, picks out the failed authentications, and calls iptables to block the offending IP address directly.
Script: http://www.bkjia.com/uploadfile/2012/0823/20120823113147832.zip
For FTP I use Pure-FTPd as the FTP server. It logs through syslog, so its messages end up in the system log file /var/log/messages. With that in mind, here is how to use the script.
I. Modify the script parameters
1. Open the script with vi deny_port.py, find # Basic setup, and change the following five parameters as needed.
#Basic setup
deny_port = '21'                                   service port to block
log_path = '/var/log/messages'                     FTP log file location
ip_count = '30'                                    number of failed logins per day after which the IP is blocked
aut_message = tm[4:10] + '.*pure-ftpd.*failed.*'   pattern that captures the FTP authentication-failure lines
list_path = '/shell/ip_list.txt'                   file that records the blocked IP list (the program creates it automatically)
Note: aut_message = tm[4:10] + '.*pure-ftpd.*failed.*' may look confusing, so here is how to read and change it.
A: tm[4:10] is the current date (month and day) in the same form syslog writes it at the start of each line, so the pattern only matches today's entries; it does not need to be changed.
B: .* matches any run of characters.
The authentication-failure line in my log looks like the one below, and the pattern reads as: tm[4:10] (today's date) + '.*pure-ftpd.*' (anything, then the pure-ftpd tag, then anything) + 'failed.*' (the word failed and the rest of the line):
Aug 20 21:44:54 localhost pure-ftpd: (?@192.168.2.2) [WARNING] Authentication failed for user [kkk]
Note: with the five parameters set as above, the effect is that when the same IP address fails FTP login verification more than 30 times in one day, that IP address is blocked. Because the pattern is keyed on today's date, the failure count starts over each day, but an address written to ip_list.txt stays blocked until you remove the rule. Two things to keep in mind: iptables rules added this way live only in the running kernel, so save them (iptables-save) if they should survive a reboot, and do not test from an address you cannot afford to lock out, since nothing in the mechanism whitelists your own IP.
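The following is an added example that implements the principle described above (read the log, match today's failed logins, count them per IP, block with iptables, remember what was blocked in ip_list.txt). It is my own illustration, not the deny_port.py script from the zip: the function names, the dry_run switch and the sample log lines are assumptions, and I treat ip_count as the number of failures at which blocking happens. The sample log is constructed in pure-ftpd's syslog format.

```python
import re
import subprocess
import time

# Added example of the "read log -> match failed logins -> iptables block"
# principle. It is NOT the deny_port.py script from the post; the function
# names, the dry_run switch and SAMPLE_LOG below are my own.

# The five "basic setup" parameters, with the post's values.
deny_port = "21"                      # service port to block
log_path = "/var/log/messages"        # pure-ftpd logs via syslog to this file
ip_count = 30                         # failed logins per day that trigger a block
list_path = "/shell/ip_list.txt"      # blocked-IP list, created on first block


def today_prefix(now=None):
    """Syslog-style date of today, e.g. 'Aug 20' (the tm[4:10] slice).
    ctime() and syslog both pad single-digit days with two spaces ('Aug  5')."""
    return time.ctime(now)[4:10]


def failure_pattern(day_prefix):
    """Same shape as aut_message: tm[4:10] + '.*pure-ftpd.*failed.*'."""
    return re.compile(re.escape(day_prefix) + r".*pure-ftpd.*failed.*")


# Pulls the client address out of pure-ftpd's "(user@1.2.3.4)" field.
IP_RE = re.compile(r"\(\S*?@(\d{1,3}(?:\.\d{1,3}){3})\)")


def count_failures(lines, pattern):
    """Return {ip: failures} over the lines that match the failure pattern."""
    counts = {}
    for line in lines:
        if not pattern.search(line):
            continue
        m = IP_RE.search(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts


def select_offenders(counts, threshold, already_blocked):
    """IPs that reached the threshold today and are not in ip_list yet."""
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold and ip not in already_blocked)


def load_blocked(path):
    """Read ip_list.txt; an absent file simply means nothing is blocked yet."""
    try:
        with open(path) as f:
            return {l.strip() for l in f if l.strip()}
    except FileNotFoundError:
        return set()


def block_ip(ip, port, dry_run=False):
    """Insert a DROP rule for ip on the service port and return the command.
    Needs root when dry_run is False."""
    cmd = ["iptables", "-I", "INPUT", "-s", ip,
           "-p", "tcp", "--dport", port, "-j", "DROP"]
    if not dry_run:
        subprocess.check_call(cmd)
    return cmd


def run(log=log_path, lst=list_path, threshold=ip_count, port=deny_port,
        dry_run=False):
    """One cron pass: count today's failures, block new offenders, record them."""
    with open(log) as f:
        counts = count_failures(f, failure_pattern(today_prefix()))
    new = select_offenders(counts, threshold, load_blocked(lst))
    for ip in new:
        block_ip(ip, port, dry_run)
    if new:
        with open(lst, "a") as f:
            f.writelines(ip + "\n" for ip in new)
    return new


# Constructed sample log (not a real capture) in pure-ftpd's syslog format.
SAMPLE_LOG = """\
Aug 20 21:44:54 localhost pure-ftpd: (?@192.168.2.2) [WARNING] Authentication failed for user [kkk]
Aug 20 21:44:58 localhost pure-ftpd: (?@192.168.2.2) [WARNING] Authentication failed for user [root]
Aug 20 21:45:03 localhost pure-ftpd: (?@10.0.0.9) [WARNING] Authentication failed for user [admin]
Aug 20 21:45:10 localhost pure-ftpd: (?@192.168.2.2) [INFO] kkk is now logged in
Aug 19 23:59:59 localhost pure-ftpd: (?@10.0.0.9) [WARNING] Authentication failed for user [admin]
""".splitlines()

if __name__ == "__main__":
    # Dry run with ip_count = 2: only 192.168.2.2 has two failures dated Aug 20;
    # the Aug 19 line is ignored because the pattern is keyed on the date.
    counts = count_failures(SAMPLE_LOG, failure_pattern("Aug 20"))
    for ip in select_offenders(counts, 2, set()):
        print(" ".join(block_ip(ip, deny_port, dry_run=True)))
```

Running it directly performs a dry run over the sample lines and prints the iptables command it would issue; calling run() as root (for example from the crontab entry described below) does the real thing against /var/log/messages. The date prefix is what keeps the daily count honest, and the ip_list file is what stops the script from inserting a duplicate DROP rule on every one-minute cron pass.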
II. Using the script
1. chmod 700 deny_port.py sets the permissions so that only the owner (root) can read and execute the script.
2. ./deny_port.py runs the script manually. If you see the following error, it is only because the log file contains no login-failure lines yet (the script never got as far as creating its ip_list attribute), and it can be ignored:
    Traceback (most recent call last):
      File "./deny_port.py", line 49, in <module>
        D.iptables()
      File "./deny_port.py", line 40, in iptables
        in self.ip_list.readlines():
    AttributeError: port instance has no attribute 'ip_list'
3. Add a scheduled task with vi /etc/crontab so that the script runs every minute:
    * * * * * root /shell/deny_port.py
III. Test that the script works
How to test it: change ip_count among the five basic parameters to a small value; here I set ip_count = '1'.
Then log in over FTP and deliberately enter a wrong password so that the authentication fails.
Wait one minute and run iptables --list (or iptables -L -n) to check whether the address has been blocked.
Try logging in to FTP again: the connection is now blocked completely.
Good luck! The original code is attached.