fail2ban – lifesaver!

borrowed from Gizmodo

Hacking attempts and DDoS attacks are commonplace. In fact, it's been just a week since I set up my RPi as an always-on device, with the sshd service running. Today, I opened up the authentication logs and found 100s of login failures over ssh, all coming from China. I installed fail2ban, which seamlessly takes care of banning clients with repeated login failures. It is easily configurable via a simple config file.

The attacks seem to be from a Linux malware called XOR.DDoS (details here: XOR.DDoS)

These are the IP addresses seen attacking my RPi:


(The number in the first column denotes the number of times the client has tried to connect and failed).

These are the messages in the auth.log:


Using ip2location, I traced them to:


Seriously! What are you trying to get from my RPi! Stop or I’ll have to send my attack cat to get you!


borrowed from rore@flickr

Everyone must install fail2ban (or an equivalent firewall program) on always-on connected embedded devices like the RPi!
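The per-client failure count and the ban decision described above can be reproduced from auth.log, shown here as an added example (not code from the original post or from fail2ban itself). The log lines are constructed with documentation-range IPs, `maxretry` and `findtime` borrow fail2ban's jail option names with assumed values, and the `year` argument is an assumption because syslog timestamps carry none.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Constructed sample auth.log lines (documentation-range IPs, not real data).
SAMPLE_LOG = """\
Oct 12 03:14:01 raspberrypi sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Oct 12 03:14:05 raspberrypi sshd[2101]: Failed password for root from 203.0.113.7 port 51236 ssh2
Oct 12 03:14:09 raspberrypi sshd[2103]: Failed password for root from 203.0.113.7 port 51240 ssh2
Oct 12 03:14:14 raspberrypi sshd[2103]: Failed password for root from 203.0.113.7 port 51244 ssh2
Oct 12 03:14:21 raspberrypi sshd[2105]: Failed password for root from 203.0.113.7 port 51250 ssh2
Oct 12 03:20:10 raspberrypi sshd[2110]: Failed password for invalid user admin from 198.51.100.23 port 40022 ssh2
Oct 12 07:45:02 raspberrypi sshd[2207]: Failed password for invalid user admin from 198.51.100.23 port 40310 ssh2
Oct 12 08:00:00 raspberrypi sshd[2230]: Accepted password for pi from 192.0.2.10 port 50100 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def parse_failures(log_text, year=2024):
    """Yield (timestamp, ip) for each failed sshd password attempt."""
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # syslog timestamps have no year; the caller supplies one (assumption).
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]

def count_failures(log_text):
    """Failures per client, most frequent first (the count-in-first-column view)."""
    return Counter(ip for _, ip in parse_failures(log_text)).most_common()

def would_ban(log_text, maxretry=5, findtime=600):
    """Map each IP to the time it reached maxretry failures within findtime seconds."""
    recent = defaultdict(deque)  # per-IP sliding window of failure timestamps
    banned = {}
    for ts, ip in parse_failures(log_text):
        recent[ip].append(ts)
        while (ts - recent[ip][0]).total_seconds() > findtime:
            recent[ip].popleft()  # drop failures older than the window
        if len(recent[ip]) >= maxretry and ip not in banned:
            banned[ip] = ts
    return banned

if __name__ == "__main__":
    print(count_failures(SAMPLE_LOG))
    print(would_ban(SAMPLE_LOG))
```

A client appears in the count as soon as it fails once, but it is only banned when enough failures fall inside one window, so the two lists can differ.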