Menu
▾
▴
Re: [Sshguard-users] Is sshguard working?
|
From: James H. <jam...@gm...> - 2015-08-03 22:14:57
|
No I'm suggesting you look at the running firewall configuration to see if sshguard is adding rules for you. I believe on freebsd that is 'ipfw list' On Sun, Aug 2, 2015 at 9:58 PM, <li...@la...> wrote: > Would that be in rc.firewall? There isn't any comment regarding sshguard > in that file. > > *From: *James Harris > *Sent: *Saturday, August 1, 2015 11:29 AM > *To: *ssh...@li... > *Reply To: *ssh...@li... > *Subject: *Re: [Sshguard-users] Is sshguard working? > > Have you checked the firewall rules? You should see the one sshguard added. > On Aug 1, 2015 10:50 AM, <li...@la...> wrote: > >> This is a sample of my auth.log or message log on freebsd using >> sshguard-ifpw. The user is blocked, but the attack keeps coming. >> ------------------ >> >> >> Aug 1 02:37:14 theranch sshd[56857]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:37:15 theranch last message repeated 2 times >> Aug 1 02:37:16 theranch sshguard[55685]: Offender '218.87.111.110:4' >> scored 40 danger in 1 abuses (threshold 40) -> blacklisted. >> Aug 1 02:37:16 theranch sshguard[55685]: Blocking 218.87.111.110:4 for >> >0secs: 40 danger in 3 attacks over 1 seconds (all: 40d in 1 abuses over >> 1s). >> Aug 1 02:37:38 theranch sshd[56863]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:37:39 theranch last message repeated 2 times >> Aug 1 02:37:41 theranch sshd[56868]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:37:43 theranch last message repeated 2 times >> Aug 1 02:37:46 theranch sshd[56873]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:37:48 theranch last message repeated 2 times >> Aug 1 02:37:50 theranch sshd[56878]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:37:51 theranch last message repeated 2 times >> Aug 1 02:37:54 theranch sshd[56883]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:37:55 theranch last message repeated 2 times >> Aug 1 02:37:57 theranch sshd[56888]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:37:58 theranch last message repeated 2 times >> Aug 1 02:38:00 theranch sshd[56893]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:38:01 theranch last message repeated 2 times >> Aug 1 02:38:18 theranch sshd[56899]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:38:19 theranch last message repeated 2 times >> Aug 1 02:38:27 theranch sshd[56904]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:38:27 theranch last message repeated 2 times >> Aug 1 02:38:30 theranch sshd[56909]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:38:31 theranch last message repeated 2 times >> Aug 1 02:38:33 theranch sshd[56914]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:38:34 theranch last message repeated 2 times >> Aug 1 02:38:38 theranch sshd[56919]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:38:39 theranch last message repeated 2 times >> Aug 1 02:38:41 theranch sshd[56924]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:38:42 theranch last message repeated 2 times >> Aug 1 02:38:46 theranch sshd[56929]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:38:47 theranch last message repeated 2 times >> Aug 1 02:38:49 theranch sshd[56934]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:38:50 theranch last message repeated 2 times >> Aug 1 02:39:02 theranch sshd[56939]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:39:03 theranch last message repeated 2 times >> Aug 1 02:39:05 theranch sshd[56944]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:39:06 theranch last message repeated 2 times >> Aug 1 02:39:20 theranch sshd[56949]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:39:21 theranch last message repeated 2 times >> Aug 1 02:39:43 theranch sshd[56956]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:39:44 theranch last message repeated 2 times >> Aug 1 02:39:51 theranch sshd[56961]: error: PAM: authentication error for >> root from 218.87.111.110 >> Aug 1 02:39:52 theranch last message repeated 2 times >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> Sshguard-users mailing list >> Ssh...@li... >> https://lists.sourceforge.net/lists/listinfo/sshguard-users >> >> > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users > > -- James Harris Software Engineer jam...@gm... |
