From: <li...@la...> - 2016-07-22 06:32:29
I decided to dig into this block given the odd name of the domain. Now if I am reading this correctly, the getaddrinfo is part of sshd, not sshguard. The IP 188.166.242.102 comes back to Digital Ocean, a VPS company. Where did poke.diarbag.us come from?

Jul 21 14:07:16 theranch sshd[73068]: Did not receive identification string from 188.166.242.102
Jul 21 14:13:07 theranch sshd[73095]: reverse mapping checking getaddrinfo for poke.diarbag.us [188.166.242.102] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 21 14:13:07 theranch sshd[73095]: Invalid user vagrant from 188.166.242.102
Jul 21 14:13:07 theranch sshd[73095]: input_userauth_request: invalid user vagrant [preauth]
Jul 21 14:13:08 theranch sshd[73095]: Received disconnect from 188.166.242.102: 11: Bye Bye [preauth]
Jul 21 14:13:08 theranch sshguard[809]: blacklist: added 188.166.242.102
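Added example, not part of the original post: sshd takes the name in that warning from the PTR (reverse DNS) record of the connecting IP, then resolves the name forward with getaddrinfo and logs the warning when that lookup fails. The sketch below extracts the claimed name from the log and repeats the same forward-confirmed reverse DNS check; the stub resolver tables are constructed assumptions so it runs offline.

```python
import re
import socket

# sshd emits this warning when the PTR name for a client IP fails forward lookup.
REVMAP_RE = re.compile(
    r"reverse mapping checking getaddrinfo for (?P<name>\S+) "
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\] failed")

def revmap_failures(lines):
    """Return (ip, claimed_name) for each sshd reverse-mapping warning."""
    return [(m["ip"], m["name"]) for m in map(REVMAP_RE.search, lines) if m]

def ptr_lookup(ip):
    """Reverse (PTR) lookup; None when the address has no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(name):
    """Forward (A/AAAA) lookup; empty set when the name does not resolve."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, ptr=ptr_lookup, fwd=forward_lookup):
    """Classify ip as no-ptr, forward-failed, mismatch or confirmed."""
    name = ptr(ip)
    if name is None:
        return ("no-ptr", None)
    addrs = fwd(name)
    if not addrs:
        return ("forward-failed", name)  # the case sshd logged here
    return ("confirmed" if ip in addrs else "mismatch", name)

# Log lines quoted from the post above.
SAMPLE = [
    "Jul 21 14:13:07 theranch sshd[73095]: reverse mapping checking getaddrinfo for poke.diarbag.us [188.166.242.102] failed - POSSIBLE BREAK-IN ATTEMPT!",
    "Jul 21 14:13:07 theranch sshd[73095]: Invalid user vagrant from 188.166.242.102",
]
# Constructed stub resolver data (assumption): PTR exists, forward name does not.
STUB_PTR = {"188.166.242.102": "poke.diarbag.us"}
STUB_FWD = {}

def check_sample():
    """Run the check over SAMPLE using the stub tables instead of live DNS."""
    return [fcrdns(ip, STUB_PTR.get, lambda n: set(STUB_FWD.get(n, ())))
            for ip, _ in revmap_failures(SAMPLE)]

if __name__ == "__main__":
    print(revmap_failures(SAMPLE), check_sample())
```

Calling `fcrdns(ip)` without the stub arguments queries the system resolver, so the result then reflects whatever the PTR and forward records say at that moment.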