DenyHosts is a python tool that monitors your webserver logs for activities that may signal a brute force attack against you. A brute force attack is a method used by bad guys to gain access to your servers using hundreds, sometimes thousands of random username and password combinations.

DenyHosts tool looks for these activities and try to stop these attacks by banning or blocking the IP addresses that are being used to attack your servers. It’s as simple as that.

This brief tutorial is going to show you how to install DenyHosts on Ubuntu 14.04 server to help prevent these attacks. There are many other methods that attackers may use against your servers, but using combinations of random username and passwords may not succeed because of DenyHosts.

Another way to protect yourself against brute force attack is by using encryption key to sign on your servers and disabling username/password logon. This is the most effective way, but may require a lot more work.

Currently DenyHosts isn’t available through Ubuntu default repository. Previously one would just run the apt-get command to install it. Not anymore.

To install DenyHosts, you must manually download and install it. I will show you how to do it below.

Visit DenyHosts home page and download a copy for you server. Or run the commands below to download version 2.8 (latest as of today’s date)

cd /tmp/ && wget http://downloads.sourceforge.net/project/denyhost/denyhost-2.8/denyhosts-2.8.tar.gz

Next, run the commands below to extract it.

tar xzf denyhosts*.tar.gz

Then run the commands below to change into the extracted folder

cd DenyHosts*
Finally, run the commands below to install the program

sudo python setup.py install
After running the commands above, DenyHosts will be installed on your server but not fully configured You must manually configure the tool.

Copy the daemon file to the /etc/init.d/ directory.

sudo cp /usr/local/bin/daemon-control-dist /etc/init.d/denyhosts

Next, open the script and make the below highlighted change

sudo vi /etc/init.d/denyhosts
###############################################
#### Edit these to suit your configuration ####
###############################################

DENYHOSTS_BIN = “/usr/local/bin/denyhosts.py”
DENYHOSTS_LOCK = “/run/denyhosts.pid”
DENYHOSTS_CFG = “/etc/denyhosts.conf”

PYTHON_BIN = “/usr/bin/env python”

 

Once installed, its configured and ready to protect your servers. One thing most webmasters do is go white-list their own IP address so they don’t get blocked or banned mistakenly.

To white-list your own IP address, open the allow host file in the /etc/ directory and add your IP address you use to connect to the server.

sudo vi /etc/hosts.allow

Then add your IP address in the file and save it.

# /etc/hosts.allow: list of hosts that are allowed to access the system.

# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: LOCAL @some_netgroup
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you’re going to protect the portmapper use the name “rpcbind” for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
sshd: 172.145.33.45

 

Restart DenyHosts by running the commands below.

sudo /etc/init.d/denyhosts start

 

DenyHosts configuration file is at /etc/denyhosts.conf

Enjoy!