BruteForceBlocker is a Perl script that works along with PF to block brute force attempts to log in to ssh. Functionality When this script is running, it checks sshd logs from syslog and looks for Failed Login attempts - mostly some annoying script attacks, and counts number of such attempts. When the given IP reaches configured limit of fails, script puts this IP to the pf’s table and block any further traffic to that box from the given IP (This also depends on your configuration in pf.conf). Since the version of BruteForceBlocker 1.2 it is also possible to report blocked IPs to the project site and share your information with other users. The list of reported IPs is available BruteForceBlocker list.
|