From: Mij <mi...@ss...> - 2009-09-23 12:57:31
Hi Emmanuel,

I don't quite get from your email: do you see the blocking rules in the IPFW chain? I.e. what does "ipfw list" output after one blocking?

You can perform further in-depth tracing by running sshguard -d and pasting in its console multiple times (until you get the blocking) a line such as

    Invalid user wolff from 192.168.1.66

On Sep 23, 2009, at 13:57, Emmanuel Alves wrote:

> Hello,
>
> I'm using sshguard to protect my server against brute force
> attacks. I configured the firewall (ipfw) to block all ports
> (unlike the default ports - apache, ftp...). But I think that my
> sshguard isn't blocking IP addresses that try to force access to SSH.
>
> This is my log from /var/log/security
>
> Sep 20 17:22:53 brain sshguard[97311]: Blocking 83.234.231.11: 4 failures over 8 seconds.
> Sep 20 17:22:54 brain sshd[32502]: Invalid user accounts from 83.234.231.11
> Sep 20 17:22:55 brain sshd[32502]: error: PAM: authentication error for illegal user accounts from 83.234.231.11
> Sep 20 17:22:55 brain sshd[32502]: Failed keyboard-interactive/pam for invalid user accounts from 83.234.231.11 port 49912 ssh2
> Sep 20 17:22:57 brain sshd[32505]: Invalid user aaron from 83.234.231.11
> Sep 20 17:22:58 brain sshd[32505]: error: PAM: authentication error for illegal user aaron from 83.234.231.11
> Sep 20 17:22:58 brain sshd[32505]: Failed keyboard-interactive/pam for invalid user aaron from 83.234.231.11 port 33210 ssh2
> Sep 20 17:22:58 brain sshguard[97311]: Blocking 83.234.231.11: 4 failures over 4 seconds.
>
> The same IP is blocked, but it can access afterwards.
>
> Is there any configuration in my sshguard to specify the time that
> one IP address will stay blocked?
>
> Thanks.
>
> []s
>
> Emmanuel Alves
> man...@gm...
> ---------------------------------------------------------------------
> Twitter: http://www.twitter.com/emartsnet
> Linked In: http://www.linkedin.com/in/emartsnet
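
A log check for the symptom discussed in this thread, as an added example that is not part of the original messages: it flags addresses whose sshd activity continues after sshguard logged "Blocking", which is the case where the "ipfw list" output is worth inspecting. The sample log is constructed, and `year`, `grace` and `block_seconds` are assumed values to set to match your own logs and sshguard configuration.

```python
import re
from datetime import datetime

BLOCK_RE = re.compile(r"sshguard\[\d+\]: Blocking (\d+\.\d+\.\d+\.\d+)")
# Greedy .* anchors on the last " from <ip>", so a crafted user name
# containing "from 1.2.3.4" cannot redirect the match.
SSHD_RE = re.compile(r"sshd\[(\d+)\]: .* from (\d+\.\d+\.\d+\.\d+)")

# Constructed sample in the syslog format of the excerpt quoted above
# (documentation addresses, made-up PIDs).
SAMPLE_LOG = """\
Sep 20 17:22:53 host sshguard[100]: Blocking 203.0.113.5: 4 failures over 8 seconds.
Sep 20 17:22:54 host sshd[201]: Invalid user accounts from 203.0.113.5
Sep 20 17:22:57 host sshd[202]: Invalid user aaron from 203.0.113.5
Sep 20 17:22:58 host sshd[202]: Failed keyboard-interactive/pam for invalid user aaron from 203.0.113.5 port 33210 ssh2
Sep 20 17:23:10 host sshd[203]: Invalid user bob from 198.51.100.7
Sep 20 17:23:12 host sshguard[100]: Blocking 198.51.100.7: 4 failures over 6 seconds.
Sep 20 17:40:00 host sshd[204]: Invalid user bob from 198.51.100.7
"""

def leaks_after_block(log_text, year=2009, grace=2, block_seconds=420):
    """Return {ip: sorted sshd PIDs} seen while the IP should have been blocked.

    An sshd line counts as a leak when it is logged more than `grace` seconds
    (log lines already in flight) and at most `block_seconds` (assumed block
    duration) after the most recent sshguard "Blocking" line for that IP.
    """
    blocked_at = {}  # ip -> time of the most recent block
    leaks = {}
    for line in log_text.splitlines():
        try:
            # Syslog timestamps carry no year, so one is supplied.
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # not a syslog line
        m = BLOCK_RE.search(line)
        if m:
            blocked_at[m.group(1)] = ts
            continue
        m = SSHD_RE.search(line)
        if m and m.group(2) in blocked_at:
            age = (ts - blocked_at[m.group(2)]).total_seconds()
            if grace < age <= block_seconds:
                leaks.setdefault(m.group(2), set()).add(int(m.group(1)))
    return {ip: sorted(pids) for ip, pids in leaks.items()}

if __name__ == "__main__":
    print(leaks_after_block(SAMPLE_LOG))
```

A new sshd PID appearing inside the block window means a fresh connection was accepted, so the firewall rule either was never inserted or is not being matched.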