From: Thomas C. <rec...@gm...> - 2007-09-11 10:51:56
|
i have an issue with an insane amount of hits on my ftp. that's why i installed fail2ban on my box. it seems though that i can't seem to get it working and i think it has to do with the failregex for vsftpd. here is my info: centos 4.5 vsftpd-2.0.1-5.EL4.5 fail2ban-0.6.2-1.el4.rf vsftpd section of fail2ban.conf: logfile = /var/log/messages failregex = vsftpd: \(pam_unix\) authentication failure; .*rhost=(?P<host>\S+) the vsftpd attempts in /var/log/messages looks like this though: Sep 11 06:40:41 mail vsftpd(pam_unix)[22973]: authentication failure; logname= uid=0 euid=0 tty= rusers= rhost=218.93.117.89 i'm not sure but i think it has to do with the failregex expression being incorrect. any help on this would be appreciated. i don't understand the syntax required for failregex. Thanks. |