Support Co-Location

How can I protect myself from SSH/FTP Brute Force Attacks?

All server services that use the TCP Wrapper can be protected against Brute Force Attacks. These are server services such as SSH and FTP, which determine whether an IP address may connect or not on the basis of the /etc/hosts.allow and /etc/hosts.deny files.

The automatic protection against Brute Force Attacks is realised via the /etc/hosts.deny file aggregated from several hundred servers.

If, for example, any computer in the Internet attempts to log on to a server using different user name/password combinations, the computer will be placed on the blacklist after the tenth attempt. As a consequence of this, it can no longer connect to the respective service for 60 minutes. This measure applies for the complete Nine network.

Customers who operate a Virtual Server, Dedicated Server, Server housing or Colocation can also benefit from this mechanism. Every five minutes, the following entry in the /etc/crontab code checks whether a new version of the /etc/hosts.deny code is available, and copies it to the appropriate location.

*/5 * * * * root cd /etc && wget -N http://logv1.nine.ch/hosts.deny >/dev/null 2>&1