Back on track with fail2ban and OSSEC HIDS

10 Jun

Recently I noticed continuous DDoS attacks on the MobileChicks.Co main server.

And I’ve learned that this seems to be an enduring state, even on Linux servers nowadays. Just like annoying spam, attacks on your property have become some sort of background noise. However, I can’t imagine how to transfer that criminal behavior to the real world. It would be like watching from your window an individual constantly trying to unlock the doors of your car. How would you behave in that situation, if you simply can’t find anyone who seems to be responsible for protecting your property and punishing the bad guys?

I’ve searched and found fail2ban quite suitable [1]. This script does what I had been doing by hand: it adds IP addresses to the firewall (iptables) to be blocked. It scans log files such as /var/log/auth.log for sshd messages to identify intrusion attempts, and once a source exceeds a configured number of failures within a time window it inserts a rule that drops that source. But it provides much more than only SSH port protection: the same filter-and-jail mechanism works for any service that logs failed logins. Banning sources mostly cuts the noise in the logs; disabling password authentication for SSH in favor of keys is what removes the attacks’ chance of success.
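To make that mechanism concrete, here is an added example (my own illustration, not fail2ban’s code) that re-creates the core of its sshd jail: a regex in the spirit of the sshd filter, a per-IP sliding window of failed logins, and the iptables rule that the ban action would insert. The log lines are constructed, the year for the syslog timestamps is assumed, and the `find_bans`/`iptables_rule` names and the window parameters (`maxretry=5`, `findtime=600`, matching fail2ban’s defaults of 5 attempts in 10 minutes) are assumptions made for this example.

```python
"""Minimal re-creation of fail2ban's sshd filter and ban logic (added example,
not fail2ban's own code). Reads syslog-style auth.log lines, counts failed SSH
logins per source IP inside a sliding window (fail2ban's `findtime`) and emits
the iptables rule that would ban the IP once `maxretry` is reached."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in the syslog format of /var/log/auth.log.
# 198.51.100.23 fails five times within 13 seconds (a brute-force burst);
# 203.0.113.7 fails five times spread over 100 minutes (a user mistyping).
SAMPLE_AUTH_LOG = """\
Jun 10 08:01:02 web1 sshd[1201]: Failed password for invalid user admin from 198.51.100.23 port 52310 ssh2
Jun 10 08:01:05 web1 sshd[1203]: Failed password for root from 198.51.100.23 port 52311 ssh2
Jun 10 08:01:09 web1 sshd[1205]: Failed password for invalid user test from 198.51.100.23 port 52312 ssh2
Jun 10 08:01:12 web1 sshd[1207]: Failed password for root from 198.51.100.23 port 52313 ssh2
Jun 10 08:01:15 web1 sshd[1209]: Failed password for root from 198.51.100.23 port 52314 ssh2
Jun 10 08:02:00 web1 sshd[1220]: Accepted publickey for deploy from 203.0.113.7 port 40112 ssh2
Jun 10 08:05:00 web1 sshd[1230]: Failed password for alice from 203.0.113.7 port 40120 ssh2
Jun 10 08:30:00 web1 sshd[1240]: Failed password for alice from 203.0.113.7 port 40121 ssh2
Jun 10 08:55:00 web1 sshd[1250]: Failed password for alice from 203.0.113.7 port 40122 ssh2
Jun 10 09:20:00 web1 sshd[1260]: Failed password for alice from 203.0.113.7 port 40123 ssh2
Jun 10 09:45:00 web1 sshd[1270]: Failed password for alice from 203.0.113.7 port 40124 ssh2
"""

# One failed-login pattern in the spirit of fail2ban's sshd filter (the real
# filter carries many more regexes for the various sshd failure messages).
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def parse_timestamp(ts, year=2013):
    """Syslog timestamps carry no year; the year is an assumption for the sample."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def find_bans(lines, maxretry=5, findtime=600):
    """Return {ip: ban_time} for sources with >= maxretry failures inside findtime seconds."""
    attempts = defaultdict(deque)  # ip -> timestamps of recent failures
    bans = {}
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if not m or m["ip"] in bans:
            continue  # not a failure, or source already banned
        ip, when = m["ip"], parse_timestamp(m["ts"])
        window = attempts[ip]
        window.append(when)
        # Forget failures older than the window, like fail2ban's findtime.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = when
    return bans


def iptables_rule(ip, chain="INPUT"):
    """The rule an iptables ban action would insert for a banned source."""
    return f"iptables -I {chain} -s {ip} -j DROP"


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_AUTH_LOG.splitlines()).items():
        print(f"{when:%b %d %H:%M:%S} ban {ip}: {iptables_rule(ip)}")
```

With the default window only the burst from 198.51.100.23 gets banned; the slow failures from 203.0.113.7 never accumulate five hits within ten minutes. Widening `findtime` to two hours bans that source as well, which is the trade-off fail2ban’s `findtime`/`maxretry` pair expresses: a short window catches automated bursts while leaving a forgetful colleague alone.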

I also ran into OSSEC HIDS [3], a much more user-friendly host-based intrusion detection system, which provides extraordinary monitoring features for server clusters.

Don’t you believe in daily internet crimes against the property of others? Then just have a look at the offender lists of the fail2ban reporting service [2]. And yes, of course, most computers from which attacks have been initiated were hijacked and assimilated beforehand. Attackers constantly try to increase the pool of their botnets.


[1] fail2ban: automatic iptables banning software.

[2] fail2ban reporting service.


Posted on June 10, 2013 in Business, Intern, System Administration