Welcome to DenyHost

What is DenyHost?

DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).

DenyHost is a fork of the original DenyHosts project. We hope to continue on where the original project left off, providing bug fixes and new features. Two features we are especially happy about are the ability to work without tcp_wrappers (/etc/hosts.deny) and the ability to work with either the IPTABLES Linux firewall or the PF firewall used by most BSD operating systems.

If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Debian, etc...) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?

DenyHosts attempts to address the above... and more.

DenyHosts was the Unix Review: Tool of the Month for August 2005

To find out more, check out the DenyHost FAQ.

You can also read an indepth independent article about DenyHosts by AgentOrange at OrangeCrate.

As seen elsewhere

These are some of the people and sites that have blogged about DenyHost:

Need help?

If DenyHost is unable to correctly parse your ssh server log when you run it, please email me the following information:

  1. SSH log entry showing a successful login
  2. SSH log entry showing a failed attempt of a valid user account (eg. root)
  3. SSH log entry showing a failed attempt of a non-existent user account (eg. blah)

Requirements

See the Requirements page.