Ban IP that makes too many password failures using Fail2Ban

Today I found that my colleague's server had been hacked by someone to run an IRC bot. Cool! This server didn't run any services except SSH. It is very secure. Anyway, after investigating /var/log/secure, I found lots of failed login attempts from unknown sources. Eventually, the last attempt was successful and the attacker changed the root password to something I didn't know. Fortunately, single-user mode helped me recover the machine and bring it back under my control.

To prevent brute-force login attempts like this, I decided to deploy Fail2Ban so that the source IP address is banned and unbanned automatically according to its configuration. Fail2Ban is written in Python; it scans log files for repeated failures and bans the offending IP by adding firewall rules that reject traffic from that address.
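The following script is an added example, not code from this post or from the Fail2Ban project. It models the mechanism described above: parse the sshd "Failed password" lines from a /var/log/secure-style log, count failures per source IP within a time window (Fail2Ban's findtime), ban the IP once it reaches maxretry, and let the ban expire after bantime seconds. The log lines, the year (syslog timestamps carry none) and the "now" timestamps are constructed; the rendered reject rule is only an illustration of the firewall update, not Fail2Ban's exact action.

```python
"""Minimal model of the Fail2Ban approach: scan an sshd log for failed logins,
count failures per source IP within findtime seconds, ban an IP once it reaches
maxretry, and lift the ban after bantime seconds.

Added example; not Fail2Ban's own code. Sample log lines are constructed and the
year is an assumption, because /var/log/secure lines omit it.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Pattern for sshd's failed-password message as written to /var/log/secure.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log: 203.0.113.5 hammers the root account, 198.51.100.9
# fails once and then logs in successfully (an accepted login is not a failure).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar  3 10:00:03 host sshd[1203]: Failed password for root from 203.0.113.5 port 40002 ssh2
Mar  3 10:00:05 host sshd[1205]: Failed password for invalid user admin from 203.0.113.5 port 40003 ssh2
Mar  3 10:00:07 host sshd[1207]: Failed password for root from 203.0.113.5 port 40004 ssh2
Mar  3 10:00:09 host sshd[1209]: Failed password for root from 203.0.113.5 port 40005 ssh2
Mar  3 10:00:10 host sshd[1211]: Failed password for root from 198.51.100.9 port 51000 ssh2
Mar  3 10:00:12 host sshd[1213]: Accepted password for alice from 198.51.100.9 port 51001 ssh2
"""

YEAR = 2009  # assumption: syslog timestamps have no year field


def parse_failures(log_text, year=YEAR):
    """Return a list of (timestamp, ip) for every failed-password line."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group("ip")))
    return events


def scan(events, maxretry=5, findtime=600, bantime=600):
    """Apply jail-style settings: ban an IP with maxretry failures inside
    findtime seconds; the ban lasts bantime seconds.

    Returns {ip: (ban_start, ban_end)}.
    """
    recent = defaultdict(list)  # ip -> failure timestamps inside the window
    bans = {}
    for ts, ip in sorted(events):
        if ip in bans and ts < bans[ip][1]:
            continue  # already banned: the firewall rule would have dropped this
        window = [t for t in recent[ip] if ts - t <= timedelta(seconds=findtime)]
        window.append(ts)
        recent[ip] = window
        if len(window) >= maxretry:
            bans[ip] = (ts, ts + timedelta(seconds=bantime))
            recent[ip] = []  # start counting afresh once the ban expires
    return bans


def banned_at(bans, now):
    """IPs whose ban is still active at 'now', i.e. still present in the firewall."""
    return sorted(ip for ip, (_, end) in bans.items() if now < end)


def firewall_rules(ips):
    """Illustrative reject rules for the banned IPs (assumption: a plain iptables
    INPUT rule; Fail2Ban's real action uses its own chains)."""
    return [f"iptables -I INPUT -s {ip} -j REJECT" for ip in ips]


if __name__ == "__main__":
    bans = scan(parse_failures(SAMPLE_LOG))
    now = datetime(YEAR, 3, 3, 10, 5, 0)  # constructed "current time"
    for rule in firewall_rules(banned_at(bans, now)):
        print(rule)
```

With the defaults (maxretry=5, findtime=600, bantime=600) only 203.0.113.5 is banned, from its fifth failure at 10:00:09 until 10:10:09; the single failure from 198.51.100.9 never reaches the threshold. Lowering maxretry to 3 bans the attacker two failures earlier, and the remaining lines from that address are skipped because the firewall would already be rejecting them.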
