Projects / BlockHosts

BlockHosts

BlockHosts is a script to record how many times a local system is attacked, based on configurable scanning of system logs for sshd or other services. When a particular IP address exceeds a configured number of failed login attempts, that IP address is blocked using hosts.allow files, or by using null-routing, or by using packet filtering. An email notification facility is also available.

Tags
Licenses
Operating Systems
Implementation

RSS Recent releases

  •  23 Sep 2012 21:37

Release Notes: Now with IPv6 support. This is preliminary, and requires underlying tools to support IPv6.

  •  18 Jun 2011 11:02

Release Notes: This release fixed a failure to read time values on certain systems that occurred because Python strptime could not read times written by strftime on the same system. The solution was to remove the use of strptime from blockhosts.py.

  •  19 Mar 2011 20:24

Release Notes: The RPM package had an incorrect dependency on Python 2.6, which is now removed.

  •  15 Aug 2010 05:58

Release Notes: Detection of duplicate log messages was fixed, since it used to mask multiple login failures for sshd.

  •  17 May 2008 21:04

Release Notes: iptables is now updated by inserting blockhosts blocking rules at the beginning of the chain instead of at the end. This will allow servers with default policy of both DROP or ACCEPT to make use of blockhosts. Both INPUT and FORWARD chains will now block traffic from rogue IP hosts.

Screenshot

Project Spotlight

mhVTL

A Linux-based virtual tape library.

Screenshot

Project Spotlight

OpenNetHome

Home automation software.