BFDGPL v2v1.5Since 2004
25
Brute Force Detection
Modular log parser for blocking authentication attacks
Brute Force Detection (BFD) is a modular shell script for parsing application logs and checking for authentication failures. It uses a rules system where application-specific options are stored including regular expressions for each unique auth format.
BFD employs a log tracking system that reads from the last known position, avoiding redundant processing. It is compatible with syslog and logrotate style log rotations — automatically detecting rotation events and retrieving data from both new and rotated log files.
Stars
25
Forks
12
Last Push
Feb 15, 2026
Project Downloads & Supporting Files
18
3d
31
7d
136
30d
413
90d
1.71k
1y
Feb 18 — Feb 21
Features
Detection
- Modular per-application rule sets with auto-enablement
- Regex-based log parsing using sed for efficiency
- Log tracking that reads from last known position to avoid redundant processing
- Compatible with syslog/logrotate style log rotations
- Configurable failed login threshold (TRIG) before blocking
Response & Tracking
- Integration with APF, Shorewall, and raw iptables for blocking
- IP route and custom command blocking options
- Flat text file-based attacker tracking with size controls
- Attack pool with trending data on blocked hosts and triggering rules
- Customizable email alerting with templating
- Embedded lock file system to prevent concurrent instances
- Default cron execution every 3 minutes
Installation
bash
$ git clone https://github.com/rfxn/brute-force-detection.git
$ cd brute-force-detection
$ sudo ./install.shVerify Download
MD5 Signature Verification
Always verify the integrity of downloaded packages before installation.
bash
$ wget https://www.rfxn.com/downloads/bfd-current.tar.gz
$ wget https://www.rfxn.com/downloads/bfd-current.tar.gz.md5
$ md5sum -c bfd-current.tar.gz.md5Downloads & Resources
Community & Publications
Tutorials & Articles
- Locking Down Your Linux Server with APF + BFD— Snipe.Net
- Intro to APF and Brute Force Detection— A Small Orange
- Setting Up APF and BFD— siawyoung.com
- Install BFD on Your Hosting Server— eukhost
- Prevent Brute Force Attacks with APF + BFD— Hivelocity
- Install BFD (Brute Force Detection) on Linux— NetworkLessons