From: Paul E. <hi...@pa...> - 2011-02-19 12:39:47
Hi SSH Guard community,

I absolutely love SSH Guard: easy to configure and (until now) reliable. But there's a problem coming up: SSH Guard has problems blocking attackers but isn't throwing any errors.

I configured Netfilter/iptables the following way (snippets to keep it small):

    Chain INPUT (policy DROP)
    ...
    sshguard   all  --  anywhere             anywhere
    ...

    Chain sshguard (1 references)
    target     prot opt source               destination

This is what /var/log/auth.log looks like (this is just a small attack to keep it clean):

    (195 more (unblocked) brute-force attacks above)
    Feb 19 02:02:06 localhost sshd[7575]: Invalid user weblogic from 59.50.36.46
    Feb 19 02:02:06 localhost sshguard[2820]: Blocking 59.50.36.46:4 for >945secs: 40 danger in 4 attacks over 9 seconds (all: 80d in 2 abuses over 651s).
    Feb 19 02:02:08 localhost sshd[7578]: Invalid user ircd from 59.50.36.46
    (Attacker stopped 150 attacks later)

As you can see, SSH Guard tries to block the attacker but isn't printing out any errors. The attacker is still able to attack.

Is there anything I am missing? Something I can try?

Thanks for your help! :)

Regards
Paul Engstler
Designer, Developer and Student.
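
The symptom described in the message above can be measured directly from auth.log. The following is an added example, not part of the original post and not SSHGuard code: it counts sshd events that arrive from an address while an announced block should still be in force. The function names, the `year` default (taken from the message date) and the one-second `grace` are assumptions made for this sketch.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the three auth.log lines quoted in the post.
SAMPLE_LOG = """\
Feb 19 02:02:06 localhost sshd[7575]: Invalid user weblogic from 59.50.36.46
Feb 19 02:02:06 localhost sshguard[2820]: Blocking 59.50.36.46:4 for >945secs: 40 danger in 4 attacks over 9 seconds (all: 80d in 2 abuses over 651s).
Feb 19 02:02:08 localhost sshd[7578]: Invalid user ircd from 59.50.36.46
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
# "Blocking <addr>:<kind> for ><secs>secs", as it appears in the quoted line.
BLOCK_RE = re.compile(
    TS + r"sshguard\[\d+\]: Blocking (?P<ip>[0-9A-Fa-f.:]+?):\d+ for >(?P<secs>\d+)secs")
SSHD_RE = re.compile(TS + r"sshd\[\d+\]: .* from (?P<ip>[0-9A-Fa-f.:]+)")


def _when(ts, year):
    # Syslog timestamps carry no year, so the caller supplies one.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def leaks_after_block(log_text, year=2011, grace=1):
    """Count sshd events per address logged while sshguard reports it blocked.

    grace (seconds) skips events logged right after the block line.
    """
    window = {}   # ip -> (block start, earliest block end)
    leaks = {}    # ip -> sshd events seen inside that window
    for line in log_text.splitlines():
        m = BLOCK_RE.match(line)
        if m:
            start = _when(m["ts"], year)
            window[m["ip"]] = (start, start + timedelta(seconds=int(m["secs"])))
            continue
        m = SSHD_RE.match(line)
        if m and m["ip"] in window:
            start, end = window[m["ip"]]
            if start + timedelta(seconds=grace) < _when(m["ts"], year) <= end:
                leaks[m["ip"]] = leaks.get(m["ip"], 0) + 1
    return leaks


if __name__ == "__main__":
    for ip, n in leaks_after_block(SAMPLE_LOG).items():
        print(f"{ip}: {n} sshd event(s) logged during an announced block")
```

A non-empty result means sshd kept receiving connections from an address inside its announced block window, which is the behaviour reported in the post.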