DenyThem is a program designed to protect your Linux system from malicious attacks. It is an active response system that disrupts and blocks dictionary attacks and DoS attacks. By default, DenyThem reads /var/log/syslog and /var/log/auth.log and searches them for hack attempts. When DenyThem finds enough hack attempts from a single host, it adds a DROP statement to your system's firewall, thus preventing future attacks. DenyThem uses iptables, so it will only work on Linux or any other system that uses iptables. It can also block traffic from specific countries.
Tags: Networking Firewalls Internet Log Analysis Logging Monitoring
Release Notes: An iptables issue with pathing on some machines was fixed. This program has been confirmed to work on Gentoo and just about any Linux system with iptables. You just need to point the monitor function at the proper place for your syslog information.
Release Notes: This version adds country blocking support, allowing you to block complete countries from accessing the system. Multiple log support and custom flag support were also added. Custom flag support allows you to add an invalid access flag and a regular expression to pull the host.
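The flag-plus-regular-expression matching and per-host threshold described above, as an added sketch that is not DenyThem's own code. The rule format, threshold, allowlist and the exact iptables command form are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the style of /var/log/auth.log (not real data).
SAMPLE_LOG = """\
Mar  3 10:01:11 web sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:01:13 web sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40023 ssh2
Mar  3 10:01:15 web sshd[812]: Failed password for invalid user test from 203.0.113.7 port 40031 ssh2
Mar  3 10:02:40 web sshd[820]: Failed password for bob from 198.51.100.4 port 51515 ssh2
Mar  3 10:02:44 web sshd[820]: Failed password for bob from 198.51.100.4 port 51516 ssh2
Mar  3 10:02:49 web sshd[820]: Failed password for bob from 198.51.100.4 port 51517 ssh2
Mar  3 10:03:02 web sshd[825]: Accepted password for bob from 198.51.100.4 port 51520 ssh2
Mar  3 10:04:00 web sshd[830]: Failed password for invalid user x from UNKNOWN port 65535 ssh2
"""
# Assumed rule format: (invalid-access flag, regex whose group 1 pulls the host).
# The regex is anchored to the end of the line, where sshd writes the peer address.
RULES = [("Failed password", re.compile(r" from (\S+) port \d+ ssh2$"))]
THRESHOLD = 3                 # assumed: attempts from one host before blocking
ALLOWLIST = {"198.51.100.4"}  # assumed: admin hosts that must never be blocked

def count_attempts(log_text, rules=RULES):
    """Count flagged lines per host, keeping only valid IP literals."""
    hits = Counter()
    for line in log_text.splitlines():
        for flag, host_re in rules:
            m = host_re.search(line) if flag in line else None
            if not m:
                continue
            try:
                # Log content is untrusted: normalise and reject non-addresses.
                host = str(ipaddress.ip_address(m.group(1)))
            except ValueError:
                continue
            hits[host] += 1
            break  # one hit per line, even if several rules match
    return hits

def drop_commands(hits, threshold=THRESHOLD, allowlist=ALLOWLIST):
    """Return (not run) one DROP rule per host at or over the threshold."""
    cmds = []
    for host, n in sorted(hits.items()):
        if n >= threshold and host not in allowlist:
            tool = "ip6tables" if ":" in host else "iptables"
            cmds.append(f"{tool} -I INPUT -s {host} -j DROP")
    return cmds

if __name__ == "__main__":
    print("\n".join(drop_commands(count_attempts(SAMPLE_LOG))))
```

The commands are only returned as strings so they can be reviewed before anything touches the firewall; the allowlist keeps a mistyped password on an admin host from locking that host out.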