The Tridecadal Korean (astralblue) wrote,
The Tridecadal Korean
astralblue

  • Mood:

blockPounders.py and SyslogParser.py

May  8 22:13:37 purple sshd[72792]: Invalid user a from 207.158.28.24
May  8 22:13:37 purple sshd[72795]: Invalid user b from 207.158.28.24
May  8 22:13:37 purple sshd[72797]: Invalid user c from 207.158.28.24
May  8 22:13:38 purple sshd[72799]: Invalid user d from 207.158.28.24
May  8 22:13:38 purple sshd[72801]: Invalid user e from 207.158.28.24
May  8 22:13:39 purple sshd[72803]: Invalid user f from 207.158.28.24
May  8 22:13:39 purple sshd[72805]: Invalid user g from 207.158.28.24
May  8 22:13:40 purple sshd[72807]: Invalid user h from 207.158.28.24
May  8 22:13:40 purple sshd[72809]: Invalid user i from 207.158.28.24
May  8 22:13:41 purple sshd[72811]: Invalid user j from 207.158.28.24
May  8 22:13:41 purple blockPounders.py[72794]: 207.158.28.24: 10 ssh attempts within 30 seconds, blocking for 10800 seconds

♥ Python and pf(4).  Take that, script kiddies!  XD

P.S. Yeah, the security/bruteforceblocker port does the same thing (for SSH); I “reinvented the wheel” because I:

  • Hate Perl,

  • Needed something to test SyslogParser.py with, and

  • Wanted to block brute-force FTP/POP/IMAP pounders as well.

XD

Subscribe

  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 1 comment