fail2ban – lifesaver!

[Image borrowed from Gizmodo]

Hacking attempts and DDoS attacks are commonplace. In fact, it's been just a week since I set up my RPi as an always-on device, with the sshd service running. Today, I opened up the authentication logs and found 100s of login failures over ssh, all coming from China. I installed fail2ban, which seamlessly takes care of banning clients with repeated login failures. It is easily configurable via a simple config file.

The attacks seem to be from a Linux malware called XOR.DDoS (details here: XOR.DDoS)

These are the IP addresses seen attacking my RPi:

[Image: XOR.DDoS-IPs]

(The number in the first column denotes the number of times the client has tried to connect and failed).

These are the messages in the auth.log:

[Image: XOR.DDoS-loginfail]
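
An added example, not part of the original post: a short Python script that reproduces the per-IP failure count described above from sshd "Failed password" lines and applies a fail2ban-style rule (at least `maxretry` failures within `findtime`). The log lines, IP addresses, assumed year and threshold values are constructed for illustration.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual sshd auth.log format (documentation-range IPs).
SAMPLE_LOG = """\
Oct 12 03:14:01 raspberrypi sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Oct 12 03:14:03 raspberrypi sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Oct 12 03:14:06 raspberrypi sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40230 ssh2
Oct 12 03:15:10 raspberrypi sshd[2110]: Accepted publickey for pi from 192.0.2.10 port 50022 ssh2
Oct 12 03:20:00 raspberrypi sshd[2120]: Failed password for pi from 198.51.100.7 port 51000 ssh2
Oct 12 04:45:00 raspberrypi sshd[2180]: Failed password for pi from 198.51.100.7 port 51044 ssh2
Oct 12 06:10:00 raspberrypi sshd[2240]: Failed password for pi from 198.51.100.7 port 51090 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def parse_failures(text, year=2024):
    """Yield (timestamp, ip) per failed login. Syslog omits the year, so one is assumed."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]

def count_failures(text):
    """Total failed logins per source IP (the 'count in the first column' view)."""
    return Counter(ip for _, ip in parse_failures(text))

def would_ban(text, maxretry=3, findtime=timedelta(minutes=10)):
    """IPs with at least maxretry failures inside a sliding findtime window."""
    recent, banned = defaultdict(deque), set()
    for ts, ip in parse_failures(text):  # assumes lines are in chronological order
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:  # drop failures older than the window
            window.popleft()
        if len(window) >= maxretry:
            banned.add(ip)
    return banned

if __name__ == "__main__":
    for ip, n in count_failures(SAMPLE_LOG).most_common():
        print(f"{n:7d} {ip}")
    print("would ban:", sorted(would_ban(SAMPLE_LOG)))
```

Both sample addresses fail three times, but only the burst within a few seconds crosses the threshold; the slow source spread over hours is caught only if the window is widened.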

Using ip2location, I traced them to:

[Image: XOR.DDoS-IP]

Seriously! What are you trying to get from my RPi! Stop or I’ll have to send my attack cat to get you!

[Image: cat-tux, borrowed from rore@flickr]

Everyone must install fail2ban (or an equivalent firewall program) on always-on connected embedded devices like the RPi!
