
How can I protect myself from SSH/FTP Brute Force Attacks?

All server services that use the TCP Wrapper can be protected against Brute Force Attacks. These are server services such as SSH and FTP which determine whether an IP address may connect or not on the basis of the /etc/hosts.allow and /etc/hosts.deny files.

The automatic protection against Brute Force Attacks is realised via the /etc/hosts.deny file aggregated from several hundred servers.

If, for example, any computer in the Internet attempts to log on to a server using different user name/password combinations, the computer will be placed on the blacklist after the tenth attempt. As a consequence of this, it can no longer connect to the respective service for 60 minutes. This measure applies for the complete nine.ch network.

Customers who operate a Root VServer, Root Server, Server Housing, or Colocation can also benefit from this mechanism. Place the following line in /etc/crontab. Every 5 minutes it checks whether a new version of the /etc/hosts.deny file is available and downloads it directly to the appropriate location.

*/5 * * * * root cd /etc && wget -N http://logv1.nine.ch/hosts.deny >/dev/null 2>&1

If you are running another cronjob at the same time every 5 minutes, this could result in errors. For this use case we recommend the following line instead of the one above.

*/5 * * * * root cd /tmp && wget -N http://logv1.nine.ch/hosts.deny >/dev/null 2>&1 && cp hosts.deny /etc/hosts.deny

With this line, the cronjob first checks whether a new version of /etc/hosts.deny is available and downloads the file to the /tmp directory. Only after the file has been fully downloaded is it copied from /tmp/hosts.deny to /etc/hosts.deny.
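The download-then-install step described above can be taken further. The following script is an added example, not nine.ch's own code: it downloads into a private temporary directory instead of the shared /tmp, checks the content before use, and replaces the target with an atomic rename. The function names, the "run" argument and the assumed list format (comments, blank lines and plain "daemon: IPv4-address" entries) are assumptions of this example.

```shell
#!/bin/sh
# Added example: fetch, validate, then atomically install hosts.deny.
# Assumption: the list holds only comments, blank lines and
# "daemon: IPv4-address" entries; anything else is rejected.
URL="http://logv1.nine.ch/hosts.deny"      # URL taken from the page
TARGET="${TARGET:-/etc/hosts.deny}"

# Return 0 only if every line of file $1 is a comment, blank, or a plain
# "daemon_list: a.b.c.d" entry without an option field (spawn, twist, ...).
validate_hosts_deny() {
    [ -s "$1" ] || return 1                # missing or empty download
    ! grep -Evq '^[[:space:]]*(#.*)?$|^[A-Za-z0-9_., -]+:[[:space:]]*([0-9]{1,3}\.){3}[0-9]{1,3}[[:space:]]*$' "$1"
}

# Write to a temp file in the target's own directory, then rename over it:
# the rename is atomic, so a half-written list is never read.
install_atomically() {                     # $1 = validated file, $2 = target
    tmp=$(mktemp "$2.XXXXXX") || return 1
    cat "$1" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$2" \
        || { rm -f "$tmp"; return 1; }
}

update_hosts_deny() {
    work=$(mktemp -d) || return 1          # private directory, mode 0700
    trap 'rm -rf "$work"' EXIT
    wget -q -O "$work/hosts.deny" "$URL" || return 1
    validate_hosts_deny "$work/hosts.deny" \
        || { echo "hosts.deny rejected, keeping old file" >&2; return 1; }
    install_atomically "$work/hosts.deny" "$TARGET"
}

# Perform the update only when invoked with "run" (for example from cron).
if [ "${1:-}" = "run" ]; then update_hosts_deny; fi
```

If the downloaded list fails validation or the download is interrupted, the existing /etc/hosts.deny stays in place unchanged.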
