sshguard-users Mailing List for SSHGuard (Page 62)

Intelligently block brute-force attacks by aggregating system logs

Brought to you by: mijio, partmedia

sshguard-users — User questions and answers, bugs, and general support

You can subscribe to this list here.

2007	Jan	Feb	Mar (10)	Apr (7)	May (6)	Jun (13)	Jul (4)	Aug	Sep	Oct (17)	Nov (5)	Dec (4)
2008	Jan (2)	Feb	Mar	Apr (4)	May (2)	Jun (7)	Jul (10)	Aug (4)	Sep (14)	Oct	Nov (1)	Dec (7)
2009	Jan (17)	Feb (20)	Mar (11)	Apr (14)	May (8)	Jun (3)	Jul (22)	Aug (9)	Sep (8)	Oct (6)	Nov (4)	Dec (8)
2010	Jan (17)	Feb (9)	Mar (15)	Apr (24)	May (14)	Jun (1)	Jul (21)	Aug (6)	Sep (2)	Oct (2)	Nov (6)	Dec (9)
2011	Jan (11)	Feb (1)	Mar (3)	Apr (4)	May	Jun	Jul (2)	Aug (3)	Sep (2)	Oct (29)	Nov (1)	Dec (1)
2012	Jan (1)	Feb (1)	Mar	Apr (13)	May (4)	Jun (9)	Jul (2)	Aug (2)	Sep (1)	Oct (2)	Nov (11)	Dec (4)
2013	Jan (2)	Feb (2)	Mar (4)	Apr (13)	May (4)	Jun	Jul	Aug (1)	Sep (5)	Oct (3)	Nov (1)	Dec (3)
2014	Jan	Feb (3)	Mar (3)	Apr (6)	May (8)	Jun	Jul	Aug (1)	Sep (1)	Oct (3)	Nov (14)	Dec (8)
2015	Jan (16)	Feb (30)	Mar (20)	Apr (5)	May (33)	Jun (11)	Jul (15)	Aug (91)	Sep (23)	Oct (10)	Nov (7)	Dec (9)
2016	Jan (22)	Feb (8)	Mar (6)	Apr (23)	May (38)	Jun (29)	Jul (43)	Aug (43)	Sep (18)	Oct (8)	Nov (2)	Dec (25)
2017	Jan (38)	Feb (3)	Mar (1)	Apr	May (18)	Jun (2)	Jul (16)	Aug (2)	Sep	Oct (1)	Nov (4)	Dec (14)
2018	Jan (15)	Feb (2)	Mar (3)	Apr (5)	May (8)	Jun (12)	Jul (19)	Aug (16)	Sep (8)	Oct (13)	Nov (15)	Dec (10)
2019	Jan (9)	Feb (3)	Mar	Apr (2)	May	Jun (1)	Jul	Aug (5)	Sep (5)	Oct (12)	Nov (4)	Dec
2020	Jan (2)	Feb (6)	Mar	Apr	May (11)	Jun (1)	Jul (3)	Aug (22)	Sep (8)	Oct	Nov (2)	Dec
2021	Jan (7)	Feb	Mar (19)	Apr	May (10)	Jun (5)	Jul (7)	Aug (3)	Sep (1)	Oct	Nov (10)	Dec (4)
2022	Jan (17)	Feb	Mar (7)	Apr (3)	May	Jun (1)	Jul (3)	Aug	Sep	Oct (6)	Nov	Dec
2023	Jan	Feb (5)	Mar (1)	Apr (3)	May	Jun (3)	Jul (2)	Aug	Sep	Oct	Nov (6)	Dec
2024	Jan	Feb	Mar	Apr	May (3)	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2025	Jan	Feb	Mar (15)	Apr (8)	May (10)	Jun	Jul	Aug	Sep	Oct	Nov	Dec

Flat | Threaded

<< < 1 .. 60 61 62 63 64 > >> (Page 62 of 64)

Re: [Sshguard-users] [Sshguard-maintainers] Not catching failed passwords

From: Mij <mi...@bi...> - 2007-10-23 15:24:29

On 20/ott/07, at 18:49, Forrest Aldrich wrote:

> sshguard is not catching failed password attempts for "valid" users:
>
> Oct 20 10:10:56 gw sshd[86897]: Failed password for root from  
> 80.93.212.74 port 53760 ssh2
> Oct 20 10:10:57 gw sshd[86899]: Failed password for root from  
> 80.93.212.74 port 53839 ssh2
> Oct 20 10:10:59 gw sshd[86901]: Failed password for root from  
> 80.93.212.74 port 53913 ssh2
> Oct 20 10:11:01 gw sshd[86903]: Failed password for root from  
> 80.93.212.74 port 53985 ssh2
> Oct 20 10:11:02 gw sshd[86918]: Failed password for root from  
> 80.93.212.74 port 54060 ssh2
> Oct 20 10:11:04 gw sshd[86920]: Failed password for root from  
> 80.93.212.74 port 54146 ssh2
> Oct 20 10:11:05 gw sshd[86922]: Failed password for root from  
> 80.93.212.74 port 54217 ssh2
> Oct 20 10:11:07 gw sshd[86924]: Invalid user administrator from  
> 80.93.212.74
> Oct 20 10:11:07 gw sshd[86924]: Failed password for invalid user  
> administrator from 80.93.212.74 port 54290 ssh2
> Oct 20 10:11:09 gw sshd[86926]: Invalid user administrator from  
> 80.93.212.74
> Oct 20 10:11:09 gw sshd[86926]: Failed password for invalid user  
> administrator from 80.93.212.74 port 54369 ssh2
> Oct 20 10:11:10 gw sshd[86928]: Invalid user administrator from  
> 80.93.212.74
> Oct 20 10:11:10 gw sshd[86928]: Failed password for invalid user  
> administrator from 80.93.212.74 port 54444 ssh2
> Oct 20 10:11:12 gw sshd[86930]: Invalid user administrator from  
> 80.93.212.74
> Oct 20 10:11:12 gw sshguard[85248]: Blocking 80.93.212.74: X  
> failures over X seconds.
>
> But it catches an invalid user.   It should be especially sensitive  
> of the failed root password attempts.  Even though I do not allow  
> root logins.

this is strange. Would you try running sshguard in debug mode (-d),  
inject the "failed password" strings
and see if sshguard reacts (it should) and when it gets to 4 failed  
attempts, if it runs the blocking command
(it should) and if it fails what it tells