From: Andreas M. <an...@an...> - 2008-02-13 12:59:01
Roman Buerkle <bu...@st...> wrote:
> On Tue, 2008-02-12 at 21:55 +0100, Cyril Jaquier wrote:
> > Do you have these lines in proftpd.conf?
> >
> > failregex = USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$
> >             \(\S*\[<HOST>\]\) - USER \S+ \(Login failed\): Incorrect password.$
> >
> > Regards,
> >
> > Cyril
>
> Yep, looks like mine. (nightly snapshot from 6.Feb.08)
>
> -------------------------------
> [root@deepblue ~]# cat /etc/fail2ban/filter.d/proftpd.conf
> # Fail2Ban configuration file
> #
> # Author: Yaroslav Halchenko
> #
> # $Revision: 603 $
> #
> [Definition]
> # Option: failregex
> # Notes.: regex to match the password failures messages in the logfile. The
> #         host must be matched by a group named "host". The tag "<HOST>" can
> #         be used for standard IP/hostname matching and is only an alias for
> #         (?:::f{4,6}:)?(?P<host>\S+)
> # Values: TEXT
> #
> failregex = USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$
>             \(\S*\[<HOST>\]\) - USER \S+ \(Login failed\): Incorrect password.$

My proftpd does not produce a part like:
USER \S+ \(Login failed\): Incorrect

USER Administrator: no such user found from cherry.anup.dmz [192.168.20.210] to 192.168.20.60:21

that's all

--
Andreas

We live in an incredible age. Information is obtained at the speed of light.
My public GPG key at: http://gpg-keyserver.de/pks/lookup?search=anmeyer&fingerprint=on&op=index
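An added example, not part of the original message or of Fail2Ban's own code: a Python check of which of the two quoted failregex lines fires on a given log line, with `<HOST>` expanded to the alias given in the filter file's comment. The second and third sample lines are constructed for illustration; the function names are hypothetical.

```python
import re

# <HOST> alias exactly as quoted in the filter file's comment block.
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"

# The two failregex lines from the quoted proftpd.conf.
FAILREGEX = [
    r"USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$",
    r"\(\S*\[<HOST>\]\) - USER \S+ \(Login failed\): Incorrect password.$",
]

SAMPLE_LINES = [
    # Log line taken from the message above.
    "USER Administrator: no such user found from cherry.anup.dmz "
    "[192.168.20.210] to 192.168.20.60:21",
    # Constructed line shaped to fit the second pattern.
    "srv.example (client.example[192.0.2.10]) - USER bob (Login failed): "
    "Incorrect password.",
    # Constructed line for a successful login; must not match.
    "srv.example (client.example[192.0.2.10]) - USER bob: Login successful.",
]


def compile_failregex(patterns):
    """Expand the <HOST> tag and compile each pattern."""
    return [re.compile(p.replace("<HOST>", HOST_ALIAS)) for p in patterns]


def match_line(line, compiled):
    """Return (pattern_index, host) for the first pattern that matches, else None."""
    for index, regex in enumerate(compiled):
        found = regex.search(line)
        if found:
            return index, found.group("host")
    return None


def classify(lines=SAMPLE_LINES):
    """Run every sample line through both patterns."""
    compiled = compile_failregex(FAILREGEX)
    return [match_line(line, compiled) for line in lines]


if __name__ == "__main__":
    for line, result in zip(SAMPLE_LINES, classify()):
        print(result, "<-", line)
```

Running it against lines copied from the real log shows which failure messages a given proftpd build emits and whether the `host` group captures the address inside the brackets.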