Install, Configure PyFilter to Control Illegitimate SSH Login Attempts

There are various intrusion prevention software available to prevent brute-force attacks. Here is How to Install, Configure PyFilter to Control Illegitimate SSH Login Attempts. PyFilter project is sponsored by Digital Ocean and developed by individual developer as Free Software under GNU GPL 3.0 License. PyFilter has own Github repo, own website. I guess a question will arise in mind – why not Fail2Ban but PyFilter? PyFilter has PyFilter-Admin which provides statistical information including total bans which is not easy to setup with Fail2Ban (we have shown configuration with Badips with Fail2Ban for analytics). As it is modern, written in Python, in future we hope that we can easily implement Big Data analysis tools with it or create a WordPress Plugin. There is nothing wrong to test different prevention software. Fail2Ban of course time tested, powerful but never just easy even for an used sysadmin to handle. There are actually more bigger hammers for intrusion prevention, but commonly our need is limited to LAMP/LEMP servers and SSH. Here is official website and official GitHub repo of PyFilter :

Here is PyFilter Admin :

Developer has written guide on Digital Ocean and official website. We are combining PyFilter and PyFilter-Admin in this guide.

Remember : If you get wrongly locked-in, you need to either login to web admin console of webhost to flash iptables or request your webhost to do so. We will suggest to use our method to use cron to flash iptables every 5 minutes during testing if your web admin console of webhost has no web based SSH (that is not uncommon among OpenVZ servers). As we told before – before throwing stones towards hackers, you should be careful. Do not run Fail2Ban or DenyHost with PyFilter.

 

Install, Configure PyFilter to Control SSH Login Attempts

 

PyFilter needs Python 3. Python 3 is by default installed on Ubuntu 16.04 (and will be on Ubuntu 18.04 LTS). For single server installation, you simply need to clone the GitHub repo :

You’ll see a directory named PyFilter.git. You will move that directory to /usr/local/ :

Next, work on the configuration files :

You’ll see the defaults settings as output. You can change the settings as per your need. This is default config file :

Add your server’s IP or VPN’s IP in "ignored_ips": ["127.0.0.1"], during testing. Last step is simply executing the script and creating system service :

Now, if you run :

You’ll get normal expected output like any other system service. We need to install GEOIP, which is optional unless you need the name of countries.

If you face error, that is not strange. If you face error, ask on StackOverflow. Not everything on this earth has explainable reason!

For using PyFilter-Admin and manually add IPs via it, you need Redis :

Find the line "database": "sqlite" and change it to "database": "redis". This will be the config :

Restart PyFilter like any other service and check status :

It is better to install PyFilter-Admin on development server first to test than running on LAMP server with production WordPress like site. For running PyFilter-Admin, run these commands :

Default username is PyFilter The default password is PyFilter12345. Just to remind, for Django we run :

Then navigate to the admin panel’s URL in a browser like :