Eyes

blockPounders.py and SyslogParser.py

May  8 22:13:37 purple sshd[72792]: Invalid user a from 207.158.28.24
May  8 22:13:37 purple sshd[72795]: Invalid user b from 207.158.28.24
May  8 22:13:37 purple sshd[72797]: Invalid user c from 207.158.28.24
May  8 22:13:38 purple sshd[72799]: Invalid user d from 207.158.28.24
May  8 22:13:38 purple sshd[72801]: Invalid user e from 207.158.28.24
May  8 22:13:39 purple sshd[72803]: Invalid user f from 207.158.28.24
May  8 22:13:39 purple sshd[72805]: Invalid user g from 207.158.28.24
May  8 22:13:40 purple sshd[72807]: Invalid user h from 207.158.28.24
May  8 22:13:40 purple sshd[72809]: Invalid user i from 207.158.28.24
May  8 22:13:41 purple sshd[72811]: Invalid user j from 207.158.28.24
May  8 22:13:41 purple blockPounders.py[72794]: 207.158.28.24: 10 ssh attempts within 30 seconds, blocking for 10800 seconds

♥ Python and pf(4).  Take that, script kiddies!  XD

P.S. Yeah, the security/bruteforceblocker port does the same thing (for SSH); I “reinvented the wheel” because I:

  • Hate Perl,

  • Needed something to test SyslogParser.py with, and

  • Wanted to block brute-force FTP/POP/IMAP pounders as well.

XD
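
The rule visible in the log excerpt above (10 sshd failures from one address within 30 seconds, then a 10800-second block), written out as an added example. It is not the author's blockPounders.py or SyslogParser.py: the regular expression, the function name, the default year and the sample lines are assumptions, and where the post pairs the script with pf(4), this example only returns the block decision.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds taken from the blockPounders.py log line in the post.
MAX_ATTEMPTS = 10
WINDOW = timedelta(seconds=30)
BLOCK_SECONDS = 10800

# sshd "Invalid user" lines in the syslog format shown in the post; the
# optional " port N" suffix covers newer OpenSSH releases (assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Invalid user .* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?$"
)

def find_pounders(lines, year=2000):
    """Return [(time, ip, attempts)] for each address that crosses the threshold."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    blocked_until = {}           # ip -> time the current block expires
    decisions = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Classic syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in blocked_until and ts < blocked_until[ip]:
            continue  # already blocked; do not report it again
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > WINDOW:  # drop attempts older than the window
            hits.popleft()
        if len(hits) >= MAX_ATTEMPTS:
            decisions.append((ts, ip, len(hits)))
            blocked_until[ip] = ts + timedelta(seconds=BLOCK_SECONDS)
            hits.clear()
    return decisions

# Constructed sample: ten rapid attempts modelled on the excerpt, then a
# client (documentation address) making ten attempts spread over 36 seconds.
SAMPLE = [f"May  8 22:13:{37 + i // 2:02d} purple sshd[{72792 + i}]: "
          f"Invalid user {c} from 207.158.28.24" for i, c in enumerate("abcdefghij")]
SAMPLE += [f"May  8 22:14:{i * 4:02d} purple sshd[{80000 + i}]: "
           "Invalid user x from 192.0.2.7" for i in range(10)]

if __name__ == "__main__":
    for when, ip, count in find_pounders(SAMPLE):
        print(f"{when:%b %d %H:%M:%S} {ip}: {count} ssh attempts, block {BLOCK_SECONDS}s")
```

The second client is never reported because no 30-second window holds ten of its attempts, which is the difference between a sliding window and a plain per-address counter.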

Comments

Yay!
Perl sucks! I agree! :D

Though I do all my scriptlets in PHP. :3