[Sshguard-users] improved attack_scanner.l file proposal

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

HI all,

Can someone please add the following to the attack_scanner.l file (found in src/parser)

* Exim2 by Nick: */
.*"login authenticator failed for ".+" (["             { BEGIN(exim_esmtp_autherr); return EXIM_ESMTP_AUTHFAIL_PREF; }
<exim_esmtp_autherr>"]) ["             { BEGIN(exim_esmtp_autherr); return EXIM_ESMTP_AUTHFAIL_PREF; }
<exim_esmtp_autherr>"]: 535 Incorrect authentication data (set_id=".+")"    { BEGIN(INITIAL); return EXIM_ESMTP_AUTHFAIL_SUFF; }

This should tackle exim abuse better than the current line for exim.

Thanks!

OllieJim

[Sshguard-users] improved attack_scanner.l file proposal

Intelligently block brute-force attacks by aggregating system logs

[Sshguard-users] improved attack_scanner.l file proposal