From: <li...@la...> - 2015-08-03 04:58:09
<html><head></head><body lang="en-US" style="background-color: rgb(255, 255, 255); line-height: initial;"> <div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">Would that be in rc.firewall? There isn't any comment regarding sshguard in that file.</div> <div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br style="display:initial"></div> <div style="font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"></div> <table width="100%" style="background-color:white;border-spacing:0px;"> <tbody><tr><td colspan="2" style="font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"> <div style="border-style: solid none none; border-top-color: rgb(181, 196, 223); border-top-width: 1pt; padding: 3pt 0in 0in; font-family: Tahoma, 'BB Alpha Sans', 'Slate Pro'; font-size: 10pt;"> <div><b>From: </b>James Harris</div><div><b>Sent: </b>Saturday, August 1, 2015 11:29 AM</div><div><b>To: </b>ssh...@li...</div><div><b>Reply To: </b>ssh...@li...</div><div><b>Subject: </b>Re: [Sshguard-users] Is sshguard working?</div></div></td></tr></tbody></table><div style="border-style: solid none none; border-top-color: rgb(186, 188, 209); border-top-width: 1pt; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"></div><br><div id="_originalContent" style=""><p dir="ltr">Have you checked the firewall rules? 
You should see the one sshguard added.</p> <div class="gmail_quote">On Aug 1, 2015 10:50 AM, &lt;<a href="mailto:li...@la...">li...@la...</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div lang="en-US"><div>This is a sample of my auth.log or message log on FreeBSD using sshguard-ipfw. The user is blocked, but the attack keeps coming.</div><div>------------------</div><div><br></div><div><br></div><div></div><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:37:14 theranch sshd[56857]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:37:15 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:37:16 theranch sshguard[55685]: Offender '218.87.111.110:4' scored 40 danger in 1 abuses (threshold 40) -> blacklisted.</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:37:16 theranch sshguard[55685]: Blocking 218.87.111.110:4 for >0secs: 40 danger in 3 attacks over 1 seconds (all: 40d in 1 abuses over 1s).</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:37:38 theranch sshd[56863]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:37:39 
theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:37:41 theranch sshd[56868]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:37:43 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:37:46 theranch sshd[56873]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:37:48 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:37:50 theranch sshd[56878]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:37:51 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:37:54 theranch sshd[56883]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:37:55 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span 
style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:37:57 theranch sshd[56888]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:37:58 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:00 theranch sshd[56893]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:01 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:18 theranch sshd[56899]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:19 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:27 theranch sshd[56904]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:27 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:30 theranch sshd[56909]: error: PAM: authentication error for root from 
218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:31 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:33 theranch sshd[56914]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:34 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:38 theranch sshd[56919]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:39 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:41 theranch sshd[56924]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:42 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:46 theranch sshd[56929]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span 
style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:47 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:49 theranch sshd[56934]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:38:50 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:39:02 theranch sshd[56939]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:39:03 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:39:05 theranch sshd[56944]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:39:06 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:39:20 theranch sshd[56949]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:39:21 theranch last message repeated 2 times</span><br 
style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:39:43 theranch sshd[56956]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:39:44 theranch last message repeated 2 times</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:39:51 theranch sshd[56961]: error: PAM: authentication error for root from 218.87.111.110</span><br style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap"><span style="color:rgb(0,0,0);font-family:sans-serif;white-space:pre-wrap">Aug 1 02:39:52 theranch last message repeated 2 times</span></div> <br>------------------------------------------------------------------------------<br> <br>_______________________________________________<br> Sshguard-users mailing list<br> <a href="mailto:Ssh...@li...">Ssh...@li...</a><br> <a href="https://lists.sourceforge.net/lists/listinfo/sshguard-users" rel="noreferrer" target="_blank">https://lists.sourceforge.net/lists/listinfo/sshguard-users</a><br> <br></blockquote></div> <br><!--end of _originalContent --></div></body></html> |
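The symptom reported in this thread (sshguard logs a block, yet sshd keeps logging failures from the same address) can be checked mechanically. The script below is an added example, not part of the thread or of sshguard. It assumes the sshd and sshguard line formats shown in the quoted log; the function name, the `year` default and the 5-second grace period for connections already in flight are illustrative choices.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the log quoted in the thread (HTML markup stripped).
SAMPLE_LOG = """\
Aug 1 02:37:14 theranch sshd[56857]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:37:15 theranch last message repeated 2 times
Aug 1 02:37:16 theranch sshguard[55685]: Blocking 218.87.111.110:4 for >0secs: 40 danger in 3 attacks over 1 seconds (all: 40d in 1 abuses over 1s).
Aug 1 02:37:38 theranch sshd[56863]: error: PAM: authentication error for root from 218.87.111.110
Aug 1 02:37:39 theranch last message repeated 2 times
Aug 1 02:37:41 theranch sshd[56868]: error: PAM: authentication error for root from 218.87.111.110
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (.*)$")
FAIL = re.compile(r"^sshd\[\d+\]: error: PAM: authentication error for .* from (\S+)$")
BLOCK = re.compile(r"^sshguard\[\d+\]: Blocking (\S+):\d+ for ")  # trailing :4 / :6 is the address family
REPEAT = re.compile(r"^last message repeated (\d+) times$")

def failures_after_block(log_text, year=2015, grace=timedelta(seconds=5)):
    """Map each blocked IP to the auth failures logged after its block should be active."""
    blocked, leaks, prev_ip = {}, {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # syslog omits the year; supply it so timestamps can be compared
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        fail, rep, blk = FAIL.match(msg), REPEAT.match(msg), BLOCK.match(msg)
        if blk:
            blocked.setdefault(blk.group(1), when)
        if fail:
            ip, count = fail.group(1), 1
        elif rep and prev_ip:
            ip, count = prev_ip, int(rep.group(1))  # repeats of the previous failure line
        else:
            prev_ip = None
            continue
        prev_ip = ip
        if ip in blocked and when > blocked[ip] + grace:
            entry = leaks.setdefault(ip, {"blocked_at": blocked[ip], "attempts": 0})
            entry["attempts"] += count
            entry["last_seen"] = when
    return leaks

if __name__ == "__main__":
    for ip, e in failures_after_block(SAMPLE_LOG).items():
        late = int((e["last_seen"] - e["blocked_at"]).total_seconds())
        print(f"{ip}: {e['attempts']} failures up to {late}s after the block; check the firewall rules")
```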