Details scans system logs, and looks for failed login attempts. It keeps a record of the number of times a particular IP address had a failed login. When the count exceeds a configured value, that IP address is added to /etc/hosts.allow with a deny flag, so the next time that IP address attempts to connect to that box, they will get a refused connection message. Optionally, null-routing or packet filtering can be used to block all communication from that IP address. Program also offers a way to provide email notification of the list of blocked as well as watched IP addresses, and a way to specify lists of whitelisted and blacklisted IP addresses and IP address patterns.


  1. Python, version 2.3 or later.
  2. If using hosts.allow blocking, TCP_WRAPPERS enabled services can be blocked. Extensions to the access control language as described in the man 5 hosts_options page are required, which allow use of :allow and :deny keywords.
  3. All services can be protected if using null-routing or packet filtering. The requirements for this are that there should be a way to detect failed accesses in some system log file, and a way to run this script each time such an access is made (or if sufficient, this script can be run periodically using cron).
  4. IPv4 addesses supported, IPv6 not supported at this time.
  5. Many patterns are now available, to support detection of failed access to many services. OpenSSH and proftpd logs were the first to be supported, for the current patterns, see the default configuration, in blockhosts.cfg file.

For details on the program arguments and configuration, run the script with the --help option: --help

Also available: BlockHosts Forum and BlockHosts FAQ.

Source Package

Here are links to some of the files, for a quick look into the some of the files. All of these files are present in the kit available for download.
usage, with details - like a man page - the python script
CHANGES file, lists changes made in each version