DenyHosts is a great tool for Linux computers with public SSH connections. It monitors your system logs for brute-force SSH password/login attacks and blocks offending IPs. See http://denyhosts.sourceforge.net/ for more information.
I run the MobaSSH server on my Windows PC to provide secure remote file access. Because the Windows server looks identical to a Linux SSH server, I find just as many attackers trying to brute-force the password on my machine. The script from DenyHosts for Windows provides the same service for Windows.
I had some trouble getting it to work. Here is what I had to do on Windows 7 Pro.
- Download the zip file including vbdenyhosts.vbs
- Unzip to any old directory.
- Right click on the vbdenyhosts.vbs and click “Edit” — this should open the file in Notepad.
- Leave Notepad open, open the start menu and type “Windows Firewall” and select the entry “Windows Firewall with Advanced Security”
- Click on “Inbound rules” from the menu from the left.
- Select “New Rule…” from the menu at right.
- Select “Port” for “What type of rule you’d like to create”, then next
- Select TCP and enter “22” for the specific port.
- Select “Block the connection” then next.
- Make sure all the areas are checked (Domain, Private, Public), then next
- Enter “SSH Block” for the Name.
- Then hit finish! You are done with that step!
- Now we have to fix a bug in the script, return to Notepad
- Find the line “If Len(rule.RemoteAddresses) > 0 Then” (It’s line number 265, I think.)
- Change it to “If Len(rule.RemoteAddresses) > 1 Then”
- (Why the change? When I ran this script, rule.RemoteAddresses had the value of “*” initially, which I believe blocks all addresses, and then the line updating the value fails.)
- Optionally, edit the configuration information at the beginning. If you followed my advice, you don’t need to change the Firewall rule name. However, I set bBlockRoot = False because I occasionally forget that I’m sshing as a root user.
- Save the file in Notepad.
- Next, create a new directory: C:\Program Files\vbdenyhosts (You’ll probably be asked to elevate for this step.)
- Copy the file vbdenyhosts.vbs into this new directory.
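- Double-check that administrative access is required to modify the file. The scheduled task runs this script as an administrator, so the file must not be editable by standard users.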
- Next we have to create a scheduled task to run the code.
- Open the start menu and type “Task Scheduler”
- On the right, select “Create task…”
- Set Name: “vbdenyhosts”
- Click change user or group, and enter “Administrators”
- At the bottom, select Configure for: “Windows 7” (not sure if this is needed)
- Select “Triggers” from the list of tabs
- Click the new button at the bottom, select Daily. Pick any time you want, then Recur every 1 days.
- At the bottom, select “Repeat task every: 30 minutes”
- Click “Ok” to set the schedule.
- Select “Actions” from the list of tabs
- Click the new button at the bottom, select “Start a program” and enter: “C:\Program Files\vbdenyhosts\vbdenyhosts.vbs”
- Click ok…
And you are finally done.
Now right click on your new task and select “run.”
It should report that the task ran successfully. If not… hmm… you’ll have to debug yourself. But these steps worked for me.
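
To check the result after the task has run, the following read-only PowerShell script prints the state of the “SSH Block” rule and shows the replace-or-append handling of the initial “*” value that the edited line deals with. It is an added example, not part of vbdenyhosts or the original steps; the function name Merge-RemoteAddress and the sample address 203.0.113.7 are assumptions made for illustration.

```powershell
# Added example, not code from vbdenyhosts. Read-only: it never changes the rule.
# Run from an elevated PowerShell prompt. 'SSH Block' is the rule name used above.

function Merge-RemoteAddress {
    param([string]$Current, [string]$NewAddress)
    # "*" means "any address" and cannot be mixed with specific addresses,
    # so it is replaced rather than appended to.
    if ([string]::IsNullOrEmpty($Current) -or $Current -eq '*') { return $NewAddress }
    $list = @($Current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    # Single hosts may be reported as "a.b.c.d/255.255.255.255"; compare the address part.
    $known = @($list | ForEach-Object { ($_ -split '/')[0] })
    if ($known -contains $NewAddress) { return ($list -join ',') }
    return (($list + $NewAddress) -join ',')
}

$ruleName = 'SSH Block'
$policy   = New-Object -ComObject HNetCfg.FwPolicy2
$rule     = @($policy.Rules | Where-Object { $_.Name -eq $ruleName })[0]

if (-not $rule) {
    Write-Warning "No firewall rule named '$ruleName' was found."
} else {
    "Enabled         : $($rule.Enabled)"
    # NET_FW_ACTION_BLOCK is 0, NET_FW_ACTION_ALLOW is 1.
    "Action          : $(if ($rule.Action -eq 0) { 'Block' } else { 'Allow' })"
    "Local ports     : $($rule.LocalPorts)"
    "RemoteAddresses : $($rule.RemoteAddresses)"

    if ($rule.RemoteAddresses -eq '*') {
        # A block rule with no address restriction drops all inbound traffic on its port.
        Write-Warning "The rule applies to every remote address; no individual IPs are listed yet."
    } else {
        $count = @($rule.RemoteAddresses -split ',').Count
        "Blocked entries : $count"
    }

    # Constructed sample address (documentation range), used only to illustrate the merge.
    $sample = '203.0.113.7'
    "After adding $sample the list would be: " + (Merge-RemoteAddress $rule.RemoteAddresses $sample)
}
```

If the warning about “*” still appears after several runs of the scheduled task, the script has not yet written any addresses to the rule.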