BFD Brute Force Detection vs. script kiddies

Tired of the abuse I'm getting on one of the servers exposed to the Internet, I've installed APF, the Advanced Policy Firewall, and BFD, Brute Force Detection on the machine. Webhostgear.com has easy-to-follow installation instructions for APF and BFD respectively.

While plain vanilla iptables was enough to protect the machine from most routine attacks, incessant attempts at logging in to a couple of well-known services on well-known ports were filling the logs and consuming an extraordinary amount of the bandwidth. Now, a script kiddie attempting 13,000 logins will find the machine no longer responding on that IP address.

Interesting technology. BFD uses a script run as a timed job to parse logs, pick up repeats, and ban them by scripting a command line and submitting it to APF. APF also uses the excellent DShield.org list of known problematic machines and networks. Very cool. While BFD comes with a set of scripts to parse common exploits, it didn't have one for my ftp server. I'm not sure I've grokked what's needed to set up my own script of rules, but as I couldn't find one on Google, I'll give it a shot, and share my results back to the community once I've got it working.
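As an added example of the loop just described (this is my illustration, not BFD's or APF's own code), here is a minimal BFD-style pass over a vsftpd log: count repeated failed logins per client address and build the APF deny command for each offender. The log lines are constructed samples in vsftpd's own "FAIL LOGIN: Client" format, and the trigger threshold is an assumption.

```shell
#!/bin/sh
# Added example, not BFD's own code: parse vsftpd's log for repeated
# FAIL LOGIN entries, count them per client address, and produce the
# APF deny command (apf -d HOST COMMENT) for each address over a threshold.

# Constructed sample log lines in vsftpd's log format.
SAMPLE_LOG='Sat Jul  1 10:24:02 2007 [pid 2001] [admin] FAIL LOGIN: Client "203.0.113.5"
Sat Jul  1 10:24:03 2007 [pid 2002] [admin] FAIL LOGIN: Client "203.0.113.5"
Sat Jul  1 10:24:04 2007 [pid 2003] [root] FAIL LOGIN: Client "203.0.113.5"
Sat Jul  1 10:24:05 2007 [pid 2004] [test] FAIL LOGIN: Client "203.0.113.5"
Sat Jul  1 10:24:06 2007 [pid 2005] [ftp] FAIL LOGIN: Client "203.0.113.5"
Sat Jul  1 10:24:07 2007 [pid 2006] [admin] FAIL LOGIN: Client "203.0.113.5"
Sat Jul  1 10:25:01 2007 [pid 2007] [ted] FAIL LOGIN: Client "198.51.100.7"
Sat Jul  1 10:25:09 2007 [pid 2008] [ted] OK LOGIN: Client "198.51.100.7"'

THRESHOLD=5   # assumed trigger count; BFD keeps its own in its config file

# offenders LOGTEXT THRESHOLD
# Prints "count address" for every client with at least THRESHOLD failures.
offenders() {
    printf '%s\n' "$1" |
        grep 'FAIL LOGIN: Client' |
        sed -n 's/.*Client "\([0-9.]*\)".*/\1/p' |
        sort | uniq -c |
        awk -v t="$2" '$1 >= t { print $1, $2 }'
}

# ban_command ADDRESS COUNT
# Builds the APF deny command but does not run it, so the script can be
# dry-run against a real log before it is wired into a cron job.
ban_command() {
    printf 'apf -d %s "vsftpd brute force: %s failed logins"\n' "$1" "$2"
}

# scan LOGTEXT THRESHOLD
# One ban command per offending address (dry run; pipe into sh to apply).
scan() {
    offenders "$1" "$2" | while read -r count addr; do
        ban_command "$addr" "$count"
    done
}

scan "$SAMPLE_LOG" "$THRESHOLD"
```

On a live box the log text would come from `/var/log/vsftpd.log` (or wherever your vsftpd writes) rather than the embedded sample, and only the lines newer than the last run should be counted so a single burst is not banned twice.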

Trackbacks/Pingbacks

  1. Ted Roche’s weblog - Mission: Interoperable. Competition breeds Innovation. Monopolies breed stagnation. Working Well with Others is Good. » Brute Force Detection (BFD) script for vsftpd - July 1, 2007

    […] Last year, I blogged about the script Brute Force Detection that works with many servers and reads the logs to ban repeated failed login attempts. Unfortunately, it did not have the settings to read vsftpd generated logs, and there were not any directions simple enough for me to understand to set one up. A year passes, I read more, learn more, especially the great Man Page of the Month sessions at MonadLUG, and I find a couple of hours to hack at this, motivated by yet another log report filled with vsftpd login attempts. Here’s what I did: […]

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.