Solved Abandonware: Security/bruteforceblocker

[Lamia]

Bruteforceblocker has its place in the ports and security of Internet-facing systems. It does a fabulous job. No other pkg can replace it, though sshguard is recommended during upgrade of pkgs. Fail2ban, sshguard, etc cannot fill the void it will create as an abandonware.

 

[SirDice]

security/sshguard does the exact same thing and doesn't have a bunch of Perl dependencies.

What did Bruteforceblocker do that cannot be done with SSHGuard?

 

[Lamia]

Bruteforceblocker goes beyond protecting ssh port. In addition, it comes with a predefined list of botnet IP addresses (mostly from Asia) that will be blocked. The list grows overtime adding scrupulous addresses trying to DDOS attack the system on the Internet.

i am also aware of several other pkgs that do related jobs - fail2ban with its ever-growing list too and protecting over several services and ports, snort, banyard, bro/xeek, etc.

Bruteforceblocker does a good job.

 

[Lamia]

Its website reads that it is for SSH, though I have seen it operate with other ports. I have approx. 100000 IP addresses in its table and growing. Some years back, there were severe brute-force attacks and DDoS on the HTTP(S) port alongside SSH port. It did an excellent job to prevent those attacks.
I have now started removing it from our servers and trusting that other security pkgs do its job.

 

[Lamia]

The IP blocklist - http://danger.rulez.sk/projects/bruteforceblocker/blist.php - now in PfBlockerNG, under BotScout. I can't ask for more.