#5 LogCheck: Perform action

open
nobody
None
5
2007-05-02
2007-05-02
Anonymous
No

Some blatent hacking attempts picked up by Logcheck would be best served by pulling some of the blackhole aspects from portsentry and having LogCheck automaticaly blackhole IP addresses. Threshold would be nice, but in general I am willing to blackhole anyone who fatfingers a ssh password to keep out the ssh scanners.

sshd[18015]: Failed password for invalid user webmaster from 83.166.32.126 port 34357 ssh2

mulitiple the above by 100 or so with different users and that would be what I want to blackhole

Discussion