This post does not have anything to do with the GIMP. If you don’t care about Linux server administration, you should just skip this post.

I run a very small Ubuntu LAMP server that I use for small tasks such as Perl and C programming and a personal wiki. This morning, I was checking out /var/log/auth.log, and noticed multiple login failures for user ‘root’ from a strange IP, specifically 60.28.201.57. A whois lookup revealed that the IP was from China. The activity is typical of brute force cracking, so I started to get a little worried. Thinking I’d have to bite the bullet and install a firewall, something I didn’t want to do due to the very small amount of resources this server has, I did an apt-cache search for ‘firewall’ and began the tedious process of reviewing the results.

Well, I didn’t have to look long. Not far down the list was an entry called ‘denyhosts’ with the description: an utility to help sys admins thwart ssh hackers. Well this is exactly what I’m trying to prevent, so I went to their website and read up. It sounded perfect, so I went ahead and installed it. Immediately after install, I got a system message saying I had email. The email informed me that IP 60.28.201.57 had been added to the deny list. Wow! That was fast, and easy. I literally didn’t have to do anything. That’s the kind of tool I like! It’s also FOSS, and in the Ubuntu repositories.

In short, if you host a LAMP server, even if it’s not Ubuntu, I highly recommend DenyHosts as a simple solution for preventing this type of attack.
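
The kind of check described above, reduced to its core as an added example (not code from this post or from DenyHosts): count failed SSH password attempts per source IP in auth.log-style lines and list the addresses that cross a threshold, formatted as hosts.deny entries. The sample log lines, the host name `lamp`, the function names and both thresholds are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH auth.log format (not from the post's server).
SAMPLE_LOG = """\
Mar  3 06:25:01 lamp sshd[4121]: Failed password for root from 60.28.201.57 port 40122 ssh2
Mar  3 06:25:04 lamp sshd[4123]: Failed password for root from 60.28.201.57 port 40177 ssh2
Mar  3 06:25:07 lamp sshd[4125]: Failed password for invalid user admin from 60.28.201.57 port 40231 ssh2
Mar  3 06:25:09 lamp sshd[4127]: Failed password for root from 60.28.201.57 port 40290 ssh2
Mar  3 07:10:44 lamp sshd[4302]: Failed password for alice from 192.0.2.10 port 51514 ssh2
"""

# Anchored on the trailing "port N ssh2" so the user field cannot be read as the address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

# Hypothetical thresholds chosen for this example.
ROOT_THRESHOLD = 3
OTHER_THRESHOLD = 5


def failed_logins(log_text):
    """Return (root_failures, other_failures) as Counters keyed by source IP."""
    root, other = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        if m["user"] == "root" and not m["invalid"]:
            root[m["ip"]] += 1
        else:
            other[m["ip"]] += 1
    return root, other


def hosts_to_deny(log_text):
    """Return the sorted source IPs that reached either threshold."""
    root, other = failed_logins(log_text)
    return sorted(
        {ip for ip, n in root.items() if n >= ROOT_THRESHOLD}
        | {ip for ip, n in other.items() if n >= OTHER_THRESHOLD}
    )


def deny_lines(log_text):
    """Format the result in TCP wrappers syntax, as used in /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in hosts_to_deny(log_text)]
```

On the sample input only 60.28.201.57 is listed; the single mistyped password from 192.0.2.10 stays below both thresholds.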
