sshguard-users Mailing List for SSHGuard (Page 49)

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi SSH Guard community,

I absolutely love SSH Guard: easy to configure and (until now) reliable.

But there's a problem coming up:

SSH Guard has problems blocking attackers but isn't throwing any errors.

I configured Netfiler/iptables the following way (snippets to keep it small):

		Chain INPUT (policy DROP)
		...
		sshguard   all  --  anywhere             anywhere    

		...

		Chain sshguard (1 references)
		target     prot opt source               destination

This is how /var/log/auth.log looks like (this is just small attack to keep it clean):

		(195 more (unblocked) brute-force attacks above)

		Feb 19 02:02:06 localhost sshd[7575]: Invalid user weblogic from 59.50.36.46
		Feb 19 02:02:06 localhost sshguard[2820]: Blocking 59.50.36.46:4 for >945secs: 40 danger in 4 attacks over 9 seconds (all: 80d in 2 abuses over 651s).
		Feb 19 02:02:08 localhost sshd[7578]: Invalid user ircd from 59.50.36.46

		(Attacker stopped 150 attacks later)

As you can see SSH Guard tries to block the attacker but isn't printing out any errors. 
The attacker is still able to attack.

Is there anything I am missing? Something I can try?

Thanks for your help! :)

Regards

Paul Engstler

Designer, Developer and Student.

2007	Jan	Feb	Mar (10)	Apr (7)	May (6)	Jun (13)	Jul (4)	Aug	Sep	Oct (17)	Nov (5)	Dec (4)
2008	Jan (2)	Feb	Mar	Apr (4)	May (2)	Jun (7)	Jul (10)	Aug (4)	Sep (14)	Oct	Nov (1)	Dec (7)
2009	Jan (17)	Feb (20)	Mar (11)	Apr (14)	May (8)	Jun (3)	Jul (22)	Aug (9)	Sep (8)	Oct (6)	Nov (4)	Dec (8)
2010	Jan (17)	Feb (9)	Mar (15)	Apr (24)	May (14)	Jun (1)	Jul (21)	Aug (6)	Sep (2)	Oct (2)	Nov (6)	Dec (9)
2011	Jan (11)	Feb (1)	Mar (3)	Apr (4)	May	Jun	Jul (2)	Aug (3)	Sep (2)	Oct (29)	Nov (1)	Dec (1)
2012	Jan (1)	Feb (1)	Mar	Apr (13)	May (4)	Jun (9)	Jul (2)	Aug (2)	Sep (1)	Oct (2)	Nov (11)	Dec (4)
2013	Jan (2)	Feb (2)	Mar (4)	Apr (13)	May (4)	Jun	Jul	Aug (1)	Sep (5)	Oct (3)	Nov (1)	Dec (3)
2014	Jan	Feb (3)	Mar (3)	Apr (6)	May (8)	Jun	Jul	Aug (1)	Sep (1)	Oct (3)	Nov (14)	Dec (8)
2015	Jan (16)	Feb (30)	Mar (20)	Apr (5)	May (33)	Jun (11)	Jul (15)	Aug (91)	Sep (23)	Oct (10)	Nov (7)	Dec (9)
2016	Jan (22)	Feb (8)	Mar (6)	Apr (23)	May (38)	Jun (29)	Jul (43)	Aug (43)	Sep (18)	Oct (8)	Nov (2)	Dec (25)
2017	Jan (38)	Feb (3)	Mar (1)	Apr	May (18)	Jun (2)	Jul (16)	Aug (2)	Sep	Oct (1)	Nov (4)	Dec (14)
2018	Jan (15)	Feb (2)	Mar (3)	Apr (5)	May (8)	Jun (12)	Jul (19)	Aug (16)	Sep (8)	Oct (13)	Nov (15)	Dec (10)
2019	Jan (9)	Feb (3)	Mar	Apr (2)	May	Jun (1)	Jul	Aug (5)	Sep (5)	Oct (12)	Nov (4)	Dec
2020	Jan (2)	Feb (6)	Mar	Apr	May (11)	Jun (1)	Jul (3)	Aug (22)	Sep (8)	Oct	Nov (2)	Dec
2021	Jan (7)	Feb	Mar (19)	Apr	May (10)	Jun (5)	Jul (7)	Aug (3)	Sep (1)	Oct	Nov (10)	Dec (4)
2022	Jan (17)	Feb	Mar (7)	Apr (3)	May	Jun (1)	Jul (3)	Aug	Sep	Oct (6)	Nov	Dec
2023	Jan	Feb (5)	Mar (1)	Apr (3)	May	Jun (3)	Jul (2)	Aug	Sep	Oct	Nov (6)	Dec
2024	Jan	Feb	Mar	Apr	May (3)	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2025	Jan	Feb	Mar (15)	Apr (8)	May (10)	Jun	Jul	Aug	Sep (6)	Oct	Nov	Dec

sshguard-users Mailing List for SSHGuard (Page 49)

Intelligently block brute-force attacks by aggregating system logs

sshguard-users — User questions and answers, bugs, and general support