From: Jos C. <ssh...@cl...> - 2016-07-31 16:34:09
Dear team,

Just saw the following in my all.log file:

-- cut --
Jul 31 18:12:56 ares sshguard[720]: blacklist: added 98.174.187.19
Jul 31 18:12:56 ares kernel: Jul 31 18:12:56 ares sshguard[720]: blacklist: added 98.174.187.19
(1) Jul 31 18:12:56 ares sshguard[720]: 98.174.187.19: blocking forever (3 attacks in 256 secs, after 1 abuses over 256 secs)
(1) Jul 31 18:12:56 ares kernel: Jul 31 18:12:56 ares sshguard[720]: 98.174.187.19: blocking forever (3 attacks in 256 secs, after 1 abuses over 256 secs)
Jul 31 18:12:56 ares postfix/smtpd[2492]: lost connection after AUTH from wsip-98-174-187-19.ok.ok.cox.net[98.174.187.19]
Jul 31 18:12:56 ares postfix/smtpd[2492]: disconnect from wsip-98-174-187-19.ok.ok.cox.net[98.174.187.19] ehlo=1 auth=0/1 commands=1/2
(2) --> Jul 31 18:12:56 ares sshguard[720]: 98.174.187.19: should already have been blocked
(2) --> Jul 31 18:12:56 ares kernel: Jul 31 18:12:56 ares sshguard[720]: 98.174.187.19: should already have been blocked
-- cut --

As you see, the IP address has been blocked @ (1), but in the same run I get twice another display line, saying the IP should have been blocked (as it was in (1)).

Can you explain how we should interpret the (2) lines, or is it a display bug?

Keep up the good work,
Jos Chrispijn