{"id":15339097,"url":"https://github.com/raducotescu/sshbruteforcelogger","last_synced_at":"2025-09-23T14:18:04.341Z","repository":{"id":1349560,"uuid":"1296851","full_name":"raducotescu/SSHBruteForceLogger","owner":"raducotescu","description":"BASH script that detects illegal login attempts","archived":false,"fork":false,"pushed_at":"2011-03-10T00:58:12.000Z","size":84,"stargazers_count":2,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-21T20:29:55.677Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/raducotescu.png","metadata":{"files":{"readme":"README","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2011-01-26T21:40:26.000Z","updated_at":"2023-12-11T06:17:03.000Z","dependencies_parsed_at":"2022-07-29T09:09:03.685Z","dependency_job_id":null,"html_url":"https://github.com/raducotescu/SSHBruteForceLogger","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raducotescu%2FSSHBruteForceLogger","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raducotescu%2FSSHBruteForceLogger/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raducotescu%2FSSHBruteForceLogger/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/raducotescu%2FSSHBruteForceLogger/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/raducotescu","download_url":"https://codeload.github.com/raducotescu/SSHBruteForceLogger/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243685586,"owners_count":20330982,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-01T10:28:29.613Z","updated_at":"2025-09-23T14:17:59.296Z","avatar_url":"https://github.com/raducotescu.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"This script allows you to automatically ban IPs from which your SSH server\nreceives incorrect login requests (typically brute-force attempts). The IPs\nare kept in a file for further reference and each time a new IP is identified\nthe script will try to notify the ISP by sending an automated email (if sendmail\nor any of its replacements that provide a similar interface are available - e.g.\nPostfix).\n\n1. Dependencies\nDependencies for sending emails: any MTA which provides a sendmail interface.\n\n2. Configuration\nFor a list of configuration parameters check the script's content.\n\nTo make the script run automatically, use a cron job similar to the following:\n\t# this will run the script every 5 minutes\n\t*/5 * * * * ~/bin/SSHBruteForceLogger.sh\n\t\nIf you would also like to have a log with the script's output, modify the cron\njob like this:\n\t*/5 * * * * ~/bin/SSHBruteForceLogger.sh \u003e\u003e ~/bin/SSH-scanner.log\n\t\nSSH-scanner.log should be a different file than the one specified inside the\nscript, in the $logfile parameter (that would be the log file where the sshd\ndaemon writes its entries) or in the $iplist one (that file is the file where\nall the attacker's IPs are kept for future reference).\n\n3. Tips and tricks\nIf you would like to permanently ban the gathered IP addresses from which the\nscript has discovered illegal login attempts, then at every boot you would have\nto run a script that DROPs all traffic from each IP in the list using iptables.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fraducotescu%2Fsshbruteforcelogger","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fraducotescu%2Fsshbruteforcelogger","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fraducotescu%2Fsshbruteforcelogger/lists"}