Welcome to DenyHosts
Home |
FAQ | About |
Statistics |
Links |
Features |
Download |
SourceForge
Welcome to DenyHosts
70,000+ synchronization users
Denyhosts now has over
70,000 users
contributing synchronization data and thousands more using DenyHosts
without the optional synchronization feature..
What is DenyHosts?
DenyHosts is a script intended to be run by Linux system administrators to help
thwart SSH server attacks (also known as dictionary based attacks and brute force
attacks).
If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be
alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but
then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain
entry into your system?
DenyHosts attempts to address the above... and more.
DenyHosts was the Unix Review: Tool of the Month for August 2005
Hire me!
I'm currently looking for a new job opportunity-- either fulltime or contract based. If
your company can use a skilled Python, Java, C/C++ application/database developer then take a
look at my resume. I'm not open to
re-locating, so if the position is not based in or around Santa Barbara, CA please only contact me
regarding a position if telecommuting is a possibility.
What's new?
You can now view recent DenyHosts
synchronization statistics. Since the release of DenyHosts 2.0 (late January)
DenyHosts has thwarted over 205,000 hack attempts (39,000 unique) from over 150
countries.
DenyHosts v2.6 is the latest release. This release contains a minor DoS
security fix and some minor bug fixes. The DoS security issue affects all
versions of DenyHosts prior to v2.6. All users are urged to upgrade to DenyHosts v2.6.
Consult the Changelog for the gory details.
Denyhosts v2.3 contains a security fix (purged hosts were not always re-added when they should have
been).
If you are using an earlier version it is strongly recommended that you upgrade to v2.3 or later.
DenyHosts v2.1 includes the following:
restricted username feature,
Synchronization download resiliency.
reset on success
Synchronization mode is now supported by command line/cron version (with the --sync flag)
DenyHosts 2.0 introduces synchronization mode which allows DenyHosts daemons to proactively
thwart attackers before they strike your ssh server. Read the FAQ
for important information on how to configure DenyHosts for synchronization mode (hint: it's easy, but
you must enable it explictly).
DenyHosts now has an easier to remember url: www.denyhosts.net
If you are upgrading from a version prior to 1.0.0
please read this important FAQ entry.
You can Download the
latest version of DenyHosts or view the Changelog.
To find out more, check out the DenyHosts FAQ.
You can also read an indepth independent article about DenyHosts by AgentOrange at OrangeCrate.
As seen elsewhere
These are some of the people and sites that have blogged about DenyHosts:
Tool of
the Month
Preventing SSH Dictionary Attacks With DenyHosts
Securing SSH with
DenyHosts
Slashdot
The Life Of Ken
The Mad Philosopher
Jay R. Wren
NewsForge
Nix Bits
Ho
John Lee
Need help?
If DenyHosts is unable to correctly parse your ssh server log when you run it, please
email me the following information:
SSH log entry showing a successful login
SSH log entry showing a failed attempt of a valid user account (eg. root)
SSH log entry showing a failed attempt of a non-existent user account (eg. blah)
I will try to respond to each support request that I receive. If I am able to help you
please consider making
a donation.
Requirements
See the Requirements page.
Counter provided by digits.com
Home |
FAQ |
Links |
Features |
Download |
SourceForge
center
Global Cooling