[Sshguard-users] Is sshguard working?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><style> body {  font-family: "Calibri","Slate Pro",sans-serif,"sans-serif"; color:#262626 }</style> </head> <body lang="en-US"><div>‎This is a sample of my auth.log or message log on freebsd using sshguard-ifpw. The user is blocked, but the attack keeps coming.</div><div>------------------</div><div><br></div><div><br></div><div></div><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:37:14 theranch sshd[56857]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:37:15 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:37:16 theranch sshguard[55685]: Offender '218.87.111.110:4' scored 40 danger in 1 abuses (threshold 40) -&gt; blacklisted.</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:37:16 theranch sshguard[55685]: Blocking 218.87.111.110:4 for &gt;0secs: 40 danger in 3 attacks over 1 seconds (all: 40d in 1 abuses over 1s).</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:37:38 theranch sshd[56863]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:37:39 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:37:41 theranch sshd[56868]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:37:43 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:37:46 theranch sshd[56873]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:37:48 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:37:50 theranch sshd[56878]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:37:51 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:37:54 theranch sshd[56883]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:37:55 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:37:57 theranch sshd[56888]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:37:58 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:00 theranch sshd[56893]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:01 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:18 theranch sshd[56899]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:19 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:27 theranch sshd[56904]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:27 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:30 theranch sshd[56909]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:31 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:33 theranch sshd[56914]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:34 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:38 theranch sshd[56919]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:39 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:41 theranch sshd[56924]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:42 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:46 theranch sshd[56929]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:47 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:49 theranch sshd[56934]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:38:50 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:39:02 theranch sshd[56939]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:39:03 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:39:05 theranch sshd[56944]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:39:06 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:39:20 theranch sshd[56949]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:39:21 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:39:43 theranch sshd[56956]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:39:44 theranch last message repeated 2 times</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:39:51 theranch sshd[56961]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;"><span style="color: rgb(0, 0, 0); font-family: sans-serif; white-space: pre-wrap;">Aug  1 02:39:52 theranch last message repeated 2 times</span></body></html>

[Sshguard-users] Is sshguard working?

Intelligently block brute-force attacks by aggregating system logs

[Sshguard-users] Is sshguard working?