Install DenyHosts on Ubuntu

DenyHosts is a software to block attackers that try to access your server via SSH. If you see failed login attempts in /var/log/auth.log like “Failed password for invalid user test” or “Failed password for root from x.x.x.x” and want to secure your server, DenyHosts is your friend.

Install DenyHosts with

apt-get install denyhosts

Edit /etc/denyhosts.conf and verify the following options.

ADMIN_EMAIL = youremailaddress@example.org PURGE_DENY = 3d

If you like to receive an email when an IP is blocked enter your email address as ADMIN_EMAIL (useful in the beginning to see if it’s working). Leave the parameter blank if you don’t want to be notified by email.
By default IP addresses will blocked forever, I find it sufficient to only block them for a few days (PURGE_DENY = 3d).

Another great feature of DenyHosts is that you can enable synchronisation support and see which IP addresses other users of the software have blocked and automatically block these also. A statistical summary is available at http://stats.denyhosts.net/stats.html. To enable this feature set the following options.

SYNC_SERVER = http://xmlrpc.denyhosts.net:9911 SYNC_INTERVAL = 1h SYNC_UPLOAD = yes SYNC_DOWNLOAD = yes SYNC_DOWNLOAD_THRESHOLD = 5

SYNC_UPLOAD will upload your blocked IPs to the DenyHosts website for others to block, SYNC_DOWNLOAD will download the list of IPs others have blocked. An IP address will be blocked on your server if as many people as specified in SYNC_DOWNLOAD_THRESHOLD have blocked an IP. This prevents a single user from abusing the system.

After making changes to the configuration, don’t forget to restart DenyHosts so that they become active.

/etc/init.d/denyhosts restart

An alternative to DenyHosts that not only scans SSH but also e.g. HTTP log files is Fail2Ban.

Install DenyHosts on Ubuntu
Share this