Automatically blacklist SSH hackers


sshblack -- Automatically BLACKLIST SSH attackers

What is sshblack? (from the FAQ)

The sshblack script is a real-time security tool for secure shell (ssh). It monitors *nix log files for suspicious activity and reacts appropriately to aggressive attackers by adding them to a "blacklist" created using various firewalling tools -- such as iptables -- available in most modern versions of Unix and Linux. The blacklist is simply a list of source IP addresses that are prohibited from making ssh connections to the protected host. Once a predetermined amount of time has passed, the offending IP address is removed from the blacklist.

It is written in Perl but requires no special modules or libraries.

What defines an "attack" is determined by a variable in the source code. This is usually a character string like "Failed password" or "Illegal user" but can be anything that the administrator deems an undesirable activity. I have heard from many users who are using it for many things other than ssh, including website monitoring, proxy server watchdog, and generalized network monitoring for prohibited activities (e.g. peer-to-peer filesharing).
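
The mechanism described above, sketched as an added Python example (sshblack itself is Perl, and this is not its code): lines matching an attack string are counted per source address, the address is blocked once a threshold is reached, and the block is dropped after a fixed time. The threshold, time values, whitelist pattern, class and function names, and the log lines are all assumptions or constructed for illustration.

```python
import re
from collections import defaultdict

# Names and values are assumptions for this sketch, not sshblack's own.
# Greedy ".*" binds to the last " from <ip>", the one sshd itself appends.
ATTACK = re.compile(r"(Failed password|Illegal user).* from (\d{1,3}(?:\.\d{1,3}){3})")
WHITELIST = re.compile(r"^(127\.|192\.168\.)")  # never block these sources
MAX_HITS = 3          # matching lines before an address is blocked
HIT_WINDOW = 600      # seconds over which hits are counted
BLOCK_SECONDS = 3600  # how long an address stays on the blacklist

class Blacklist:
    def __init__(self):
        self.hits = defaultdict(list)  # ip -> timestamps of recent hits
        self.blocked = {}              # ip -> time the block was added

    def expire(self, now):  # drop blocks older than BLOCK_SECONDS
        old = [ip for ip, t in self.blocked.items() if now - t >= BLOCK_SECONDS]
        for ip in old:
            del self.blocked[ip]
        return [("unblock", ip) for ip in old]

    def observe(self, now, line):
        """Handle one log line seen at time `now`; return firewall actions."""
        actions = self.expire(now)
        m = ATTACK.search(line)
        ip = m.group(2) if m else None
        if ip is None or WHITELIST.match(ip) or ip in self.blocked:
            return actions
        self.hits[ip] = [t for t in self.hits[ip] if now - t < HIT_WINDOW] + [now]
        if len(self.hits[ip]) >= MAX_HITS:
            self.blocked[ip] = now
            del self.hits[ip]
            actions.append(("block", ip))
        return actions

SAMPLE = [  # constructed (timestamp, log line) pairs
    (0, "sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2"),
    (5, "sshd[811]: Illegal user test from 203.0.113.7"),
    (9, "sshd[812]: Failed password for admin from 192.168.1.20 port 51000 ssh2"),
    (12, "sshd[813]: Failed password for invalid user a from 198.51.100.9 from 203.0.113.7 port 40023 ssh2"),
    (4000, "sshd[900]: Accepted publickey for ops from 192.168.1.20 port 51001 ssh2"),
]

def replay(events):
    bl, out = Blacklist(), []
    for now, line in events:
        out += bl.observe(now, line)
    return out
```

The fourth sample line carries a user name containing " from 198.51.100.9"; the pattern still attributes the failure to the address sshd logged, so an attacker-chosen name cannot get a third party blocked.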

See the Notes page for what's new in Version 2.8.1.

Please use the navigation buttons on the left or these:
        The Configuration Page for some pointers in setting up key variables
        The Notes Section for some comments and rants
        Upgrading Notes for some notes on upgrading an existing sshblack installation
        The Other Options Section for some discussion on increasing security of SSH organically
        The REGEX Section for a 30-second tutorial on setting up the whitelist REGEX
        The Maintenance Section for some tips on using cron, crontab and saving iptables configurations
        The Downloads Section to get the script


Version 2.8.1 in tar.gz format [Click to download]

The following are already in the tarballs above but they are included here individually for reference.

Version 2.8.1 README.TXT

Version 2.8.1 INSTALL.TXT

An older version, if you should want it for some reason (like monitoring nginx or Apache log files):

Version 2.8 in tar.gz format [Click to download]

Copyright 2007