Re: [Sshguard-users] sshguard & proftpd issues - continued

[Mij <mi...@ss...>]

Hello Lego,

did you try to run sshguard in debug/interactive mode?
Have a look at
http://www.sshguard.net/docs/faqs/#does-not-detect
(just updated)



On Nov 20, 2009, at 20:22 , Lego wrote:

> 
> First I would like to say thanks to David Horn for helping so far; This is
> a continuation of my last thread.  I now successfully have sshguard 1.4
> installed and blocking sshd & dovecot again, But still Having issues with
> proftpd.
> 
> [code]
> Nov 20 14:12:09 blurr-ink proftpd[1382]: localhost
> (dyn216-8-133-228.ADSL.mnsi.net[216.8.133.228]) - USER lego (Login failed):
> Incorrect password.
> Nov 20 14:12:09 blurr-ink proftpd[1382]: localhost
> (dyn216-8-133-228.ADSL.mnsi.net[216.8.133.228]) - FTP session closed.
> Nov 20 14:12:24 blurr-ink proftpd[1385]: localhost
> (dyn216-8-133-228.ADSL.mnsi.net[216.8.133.228]) - USER lego (Login failed):
> Incorrect password.
> Nov 20 14:12:24 blurr-ink proftpd[1385]: localhost
> (dyn216-8-133-228.ADSL.mnsi.net[216.8.133.228]) - FTP session closed.
> Nov 20 14:12:40 blurr-ink proftpd[1386]: localhost
> (dyn216-8-133-228.ADSL.mnsi.net[216.8.133.228]) - USER lego (Login failed):
> Incorrect password.
> Nov 20 14:12:40 blurr-ink proftpd[1386]: localhost
> (dyn216-8-133-228.ADSL.mnsi.net[216.8.133.228]) - FTP session closed.
> Nov 20 14:13:19 blurr-ink proftpd[1455]: localhost
> (dyn216-8-133-228.ADSL.mnsi.net[216.8.133.228]) - USER lego (Login failed):
> Incorrect password.
> Nov 20 14:13:19 blurr-ink proftpd[1455]: localhost
> (dyn216-8-133-228.ADSL.mnsi.net[216.8.133.228]) - FTP session closed.
> Nov 20 14:13:34 blurr-ink proftpd[1456]: localhost
> (dyn216-8-133-228.ADSL.mnsi.net[216.8.133.228]) - USER lego (Login failed):
> Incorrect password.
> Nov 20 14:13:34 blurr-ink proftpd[1456]: localhost
> (dyn216-8-133-228.ADSL.mnsi.net[216.8.133.228]) - FTP session closed.
> Nov 20 14:13:50 blurr-ink proftpd[1457]: localhost
> (dyn216-8-133-228.ADSL.mnsi.net[216.8.133.228]) - USER lego (Login failed):
> Incorrect password.
> Nov 20 14:13:50 blurr-ink proftpd[1457]: localhost
> (dyn216-8-133-228.ADSL.mnsi.net[216.8.133.228]) - FTP session closed.
> Nov 20 14:14:06 blurr-ink proftpd[1460]: localhost
> (dyn216-8-133-228.ADSL.mnsi.net[216.8.133.228]) - USER lego (Login failed):
> Incorrect password.
> Nov 20 14:14:06 blurr-ink proftpd[1460]: localhost
> (dyn216-8-133-228.ADSL.mnsi.net[216.8.133.228]) - FTP session closed.
> Nov 20 14:14:30 blurr-ink proftpd[1464]: localhost
> (dyn216-8-133-228.ADSL.mnsi.net[216.8.133.228]) - USER lego: Login
> successful.
> [/code]
> 
> My syslog.conf
> [code]
> auth.info;authpriv.info;ftp.info;mail.info     |exec
> /usr/local/sbin/sshguard -f 310:/var/run/proftpd.pid -f
> 100:/var/run/sshd.pid -f 210:/var/run/dovecot/master.pid -w 127.0.0.1 -a 5
> auth.info;authpriv.info;ftp.info;mail.info       /var/log/sshguard.log
> [/code]
> 
> 
> As I said I have been able to block myself when attemping to log in to sshd
> or dovecot, but when I try to Log into ftp with incorrect credentials it
> still just lets me keep trying over and over.
> 
> -- 
> Sincerely,
> 
> Lego
> 
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
> trial. Simplify your report design, integration and deployment - and focus on 
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users