...
Sep 20 12:37:52 84-16-251-18 sshd[27784]: Illegal user webmaster from ::ffff:216.24.126.67
Sep 20 12:37:56 84-16-251-18 sshd[27790]: Illegal user webadmin from ::ffff:216.24.126.67
Sep 20 12:37:58 84-16-251-18 sshd[27794]: Illegal user ftpuser from ::ffff:216.24.126.67
Sep 20 12:37:59 84-16-251-18 sshd[27796]: Illegal user testuser from ::ffff:216.24.126.67
Sep 20 12:38:01 84-16-251-18 sshd[27798]: Illegal user testuser from ::ffff:216.24.126.67
Sep 20 12:38:02 84-16-251-18 sshd[27802]: Illegal user test from ::ffff:216.24.126.67
Sep 20 12:38:03 84-16-251-18 sshd[27804]: Illegal user guestuser from ::ffff:216.24.126.67
Sep 20 12:38:04 84-16-251-18 sshd[27806]: Illegal user test01 from ::ffff:216.24.126.67
Sep 20 12:38:05 84-16-251-18 sshd[27808]: Illegal user test2 from ::ffff:216.24.126.67
Sep 20 12:38:06 84-16-251-18 sshd[27810]: Illegal user test3 from ::ffff:216.24.126.67
Sep 20 12:38:08 84-16-251-18 sshd[27812]: Illegal user test4 from ::ffff:216.24.126.67
Sep 20 12:38:09 84-16-251-18 sshd[27814]: Illegal user test5 from ::ffff:216.24.126.67
Sep 20 12:38:10 84-16-251-18 sshd[27816]: Illegal user test6 from ::ffff:216.24.126.67
Sep 20 12:38:11 84-16-251-18 sshd[27818]: Illegal user test7 from ::ffff:216.24.126.67
Sep 20 12:38:12 84-16-251-18 sshd[27822]: Illegal user test8 from ::ffff:216.24.126.67
Sep 20 12:38:13 84-16-251-18 sshd[27824]: Illegal user test9 from ::ffff:216.24.126.67
Sep 20 12:38:15 84-16-251-18 sshd[27826]: Illegal user test10 from ::ffff:216.24.126.67
Sep 20 12:38:16 84-16-251-18 sshd[27828]: Illegal user user1 from ::ffff:216.24.126.67
Sep 20 12:38:17 84-16-251-18 sshd[27830]: Illegal user user2 from ::ffff:216.24.126.67
Sep 20 12:38:18 84-16-251-18 sshd[27832]: Illegal user user3 from ::ffff:216.24.126.67
Sep 20 12:38:19 84-16-251-18 sshd[27834]: Illegal user user4 from ::ffff:216.24.126.67
Sep 20 12:38:20 84-16-251-18 sshd[27836]: Illegal user user5 from ::ffff:216.24.126.67
Sep 20 12:38:22 84-16-251-18 sshd[27838]: Illegal user user6 from ::ffff:216.24.126.67
Sep 20 12:38:23 84-16-251-18 sshd[27842]: Illegal user user7 from ::ffff:216.24.126.67
Sep 20 12:38:24 84-16-251-18 sshd[27844]: Illegal user user8 from ::ffff:216.24.126.67
Sep 20 12:38:25 84-16-251-18 sshd[27846]: Illegal user user9 from ::ffff:216.24.126.67
Sep 20 12:38:26 84-16-251-18 sshd[27848]: Illegal user user10 from ::ffff:216.24.126.67
Sep 20 12:38:27 84-16-251-18 sshd[27850]: Illegal user simon from ::ffff:216.24.126.67
Sep 20 12:38:29 84-16-251-18 sshd[27852]: Illegal user david from ::ffff:216.24.126.67
Sep 20 12:38:30 84-16-251-18 sshd[27854]: Illegal user monica from ::ffff:216.24.126.67
Sep 20 12:38:31 84-16-251-18 sshd[27856]: Illegal user sql from ::ffff:216.24.126.67
Sep 20 12:38:33 84-16-251-18 sshd[27862]: Illegal user sybase from ::ffff:216.24.126.67
Sep 20 12:38:34 84-16-251-18 sshd[27864]: Illegal user informix from ::ffff:216.24.126.67
Sep 20 12:38:54 84-16-251-18 sshd[27902]: Illegal user shell from ::ffff:216.24.126.67
Sep 20 12:38:55 84-16-251-18 sshd[27904]: Illegal user noaccess from ::ffff:216.24.126.67
...

Is there a way to block sshd login requests from IP ranges other than Germany? Or something else I could do against these assh......?
THX! But, well...this seems not to be ok?

Code:
starting DenyHosts: /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
Can't read: /private/var/log/system.log
[Errno 2] No such file or directory: '/private/var/log/system.log'
Error deleting DenyHosts lock file: /var/run/denyhosts.pid
[Errno 2] No such file or directory: '/var/run/denyhosts.pid'
...sorry, found it...it activated 2 lines in denyhosts.cfg, so it took the second one, for Mac, with the logfile instead of my Debian auth.log....changed and restarted with no errors.

Actually I took 2.5, which was the newest version...that's ok?
DenyHosts....the newest stable version I found was not 2.0...2.5 was the newest, so I installed this one.

Anything else that might be done that quickly to raise the security with Debian 3.1 and ISPConfig 2.2.6? I already use postgrey...but that's it.
Well, if you have a package manager I'd use that one... on Debian apt, on SUSE yum, on RH rpm I think, on other systems no clue...

Well, a newer version is normally better, but I just like the apt-get install on Debian and the regular apt-get update and then apt-get upgrade.
I didn't know that DenyHosts comes with apt-get...the tutorial only told about getting it manually with wget, so I used this way, having in mind that he did it for Debian and so he would have used apt-get if this had been possible, but next time I'll try it first with apt-get.

However, I'm still learning. This server is actually my first Linux experience, so I try to read first before fooling around with some stuff...so I hope I'm doing it all right (without always knowing what I do, haha)
Oops, you're right... it doesn't come with apt-get, my mistake... it's been a while since I installed it.
Just realising that taking a Skype name with a dot "." inside was not a good idea; all indicators get confused by this, lol
Have a look here:
http://www.howtoforge.com/forums/showthread.php?t=5515&highlight=brute+force
http://www.howtoforge.com/forums/showthread.php?t=4611&highlight=brute+force

This might also be interesting:
http://www.howtoforge.com/intrusion_detection_with_ossec_hids
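
An added example, not part of any post in this thread and not DenyHosts' own code: a small detector for the kind of "Illegal user" burst shown in the log excerpt at the top, which counts unknown-user attempts per source in a sliding window and emits `sshd: <address>` entries in the TCP-wrappers form DenyHosts appends to hosts.deny. The threshold, the window and the function names are assumptions, and the pattern also accepts the "Invalid user" wording of later OpenSSH releases.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# First five lines copied from the excerpt in the first post; last three constructed.
SAMPLE_LOG = """\
Sep 20 12:37:52 84-16-251-18 sshd[27784]: Illegal user webmaster from ::ffff:216.24.126.67
Sep 20 12:37:56 84-16-251-18 sshd[27790]: Illegal user webadmin from ::ffff:216.24.126.67
Sep 20 12:37:58 84-16-251-18 sshd[27794]: Illegal user ftpuser from ::ffff:216.24.126.67
Sep 20 12:37:59 84-16-251-18 sshd[27796]: Illegal user testuser from ::ffff:216.24.126.67
Sep 20 12:38:01 84-16-251-18 sshd[27798]: Illegal user testuser from ::ffff:216.24.126.67
Sep 20 12:40:10 84-16-251-18 sshd[28001]: Illegal user bakcup from ::ffff:203.0.113.9
Sep 20 12:40:11 84-16-251-18 sshd[28003]: Accepted password for admin from ::ffff:203.0.113.20 port 4021 ssh2
Sep 20 13:05:44 84-16-251-18 sshd[28410]: Invalid user backup from 203.0.113.9
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                  r"(?:Illegal|Invalid) user (\S+) from (\S+)")

def normalize(addr):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    ip = ip_address(addr)
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def offenders(log_text, threshold=5, window=timedelta(seconds=60)):
    """Map sources with >= threshold unknown-user attempts in one window to users tried."""
    recent = defaultdict(deque)   # source -> attempt times still in the window
    users = defaultdict(set)
    flagged = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # accepted logins and other messages are skipped
        # syslog omits the year; a fixed one is enough to measure intervals
        when = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        src = normalize(m.group(3))
        users[src].add(m.group(2))
        q = recent[src]
        q.append(when)
        while when - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[src] = users[src]
    return flagged

def hosts_deny_lines(flagged):
    """Entries in the TCP-wrappers form DenyHosts writes to /etc/hosts.deny."""
    return [f"sshd: {src}" for src in sorted(flagged)]
```

On the sample, only the source that made five attempts within ten seconds is flagged; the source with two attempts 25 minutes apart stays below the threshold because the window has expired between them.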