Automatically deny hacking attempts in CentOS?

  1. You can limit the number of login attempts per minute with iptables. These rules will block an IP for one minute after three login attempts (taken from Diary of a geek – Mitigating against SSH brute force attacks using Netfilter and the recent module):

    # record the source address of every new SSH connection in the "SSH" recent list
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
    # SSH_WHITELIST is a user-defined chain for trusted addresses; it must be created separately
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
    # 4th new connection from the same address within 60 seconds: log it (ULOG target) ...
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j ULOG --ulog-prefix SSH_brute_force
    # ... and then drop it; --update refreshes the timestamp, so the block lasts until the address stays quiet for 60 seconds
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
    
  2. If you want a more configurable solution, you can use fail2ban or DenyHosts to analyze the sshd logs and block suspicious IP addresses.
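To show what the log-based tools in the second point actually look for, here is an added example (not from the answer above or from fail2ban/DenyHosts) that scans constructed sshd log lines with the same sliding window as the iptables rules, 4 failures within 60 seconds, and reports which addresses would be blocked; the log year and sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd log lines (syslog format; the year is assumed below).
SAMPLE_LOG = """\
Mar 10 12:00:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 10 12:00:05 host sshd[1235]: Failed password for root from 203.0.113.5 port 51235 ssh2
Mar 10 12:00:09 host sshd[1236]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar 10 12:00:14 host sshd[1237]: Failed password for invalid user test from 203.0.113.5 port 51237 ssh2
Mar 10 12:00:20 host sshd[1238]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Mar 10 12:00:25 host sshd[1239]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
Mar 10 12:05:00 host sshd[1240]: Failed password for root from 192.0.2.9 port 42000 ssh2
Mar 10 12:06:10 host sshd[1241]: Failed password for root from 192.0.2.9 port 42001 ssh2
Mar 10 12:07:20 host sshd[1242]: Failed password for root from 192.0.2.9 port 42002 ssh2
Mar 10 12:08:30 host sshd[1243]: Failed password for root from 192.0.2.9 port 42003 ssh2
"""

# Matches only failed password attempts; successful logins are ignored.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def find_bruteforcers(log_text, window=60, hitcount=4, year=2024):
    """Return {ip: time_of_block} for every address with at least `hitcount`
    failed logins inside any `window`-second span (the --seconds/--hitcount
    logic of the iptables recent module, applied to the log instead)."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        hits = recent[ip]
        hits.append(ts)
        # Slide the window: forget failures older than `window` seconds.
        while (ts - hits[0]).total_seconds() > window:
            hits.popleft()
        if len(hits) >= hitcount and ip not in blocked:
            blocked[ip] = ts
    return blocked


if __name__ == "__main__":
    for ip, when in find_bruteforcers(SAMPLE_LOG).items():
        print(f"{ip} would be blocked at {when:%H:%M:%S}")
```

Only 203.0.113.5 trips the 60-second window; 192.0.2.9 spreads its four failures over three and a half minutes and stays under the threshold, which is why the answers below also recommend key-only authentication rather than relying on rate limiting alone.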


The best practice is to block all unneeded ports with iptables and set up your SSH to use a private key for login. I know that PuTTY and MobaXterm (both free SSH clients) support private key login. Then, inside your /etc/ssh/sshd_config, remove the

PermitRootLogin yes

and add:

PermitRootLogin without-password

This will make it so that even if you know the root password, you will not be able to log in with it.

You can also use the iptables rules to throttle them so they don't bog down your server.


Install the software DenyHosts. It will automatically add such hacker IPs to hosts.deny. The package is available in the EPEL repository.