Block access to your dedicated server automatically if more than 3 failed logins
Lately I have been noticing high activity of cyberattacks. In fact, a few of our servers got hit and had to be rebuilt. Of course some of these servers were never built with security in mind. We did manage to save all the data and the redo took less than one day total so the end result is great overall with fully patched servers, firewall, email alerts in place, and finally a way to automatically block failed logins. I’ll show you how to setup the last part, it is actually quite easy.
So, I assume you have a CentOS server. I am using CentOS 5.3 fully updated (yum update) and i have the atomicorp repository setup. The atomicorp is not necessary (it seems) but will allow you to use newer versions of PHP and other packages. The package that will do the work is called fail2ban. A simple install seems to take care of it for us:
yum install fail2ban
Lets install the service, in case that we restart the server – the service will automatically start running, I use ntsysv for this:
ntsysv (hit enter, select the service, make sure it has a start inside the brackets, and click 'ok')
Lets start the service:
service fail2ban start
Here is recommend to setup a auto forward on the root emails to you:
echo 'youremail@yourdomain.com' > ~/.forward
You should be all set. Try to check the log files once a week after the install, see if the service actually blocked potential hackers. Let me know if this worked for you or if you are using a better package?
