Looks like it's not working here. I intalled Ruby. I copied the script in /usr/share/denyhosts/ I configured the PLUGIN_DENY= to /usr/share/denyhosts/name_of_script.rb and restarted denyhosts.
That's it right ? Any way to make tests ? Jul 22 08:34:37 tyesun sshd[18962]: refused connect from ::ffff:61.7.255.30 (::ffff:61.7.255.30) [EMAIL PROTECTED]:/usr/share/denyhosts> ./notify_isp.rb 61.7.255.30 /bin/cat: /var/log/sshd/*: No such file or directory ./notify_isp.rb:129: No evidence found for IP 61.7.255.30. Aborting (RuntimeError) I changed the LOG_FILE to /var/log/secure, and it is now working (a small readme should come with the file in order to explain this). Now, when I run the command, I got this: [EMAIL PROTECTED]:/usr/share/denyhosts> ./notify_isp.rb 61.7.255.30 ./notify_isp.rb:134: Host 61.7.255.30 has already been reported. Not reporting again. (RuntimeError) SWK wrote: > Hi Nazar,... > > nice script,... i plugged it in and now i'm still waiting for the first nerd > to trap in ...*g > > Is it possible to add a "CC"-Variable in the message to have a copy of the > sended email? > > Regards ... > > Stefan > > Nazar Aziz schrieb: >> Hi List. >> >> Just wanted to drop a quick email to say that I've developed a >> DenyHosts plugin that will notify the attacker's ISP with an excerpt >> from your sshd log file. I've been running this script for the last >> two days and I've had half a dozen positive replies from system admins >> who've subsequently disconnected offending servers. >> >> Downloaded it here:http://github.com/nazar/report-hack-isp/tree/master >> >> Instructions: http://github.com/nazar/report-hack-isp/wikis >> >> Why I did this: >> http://panthersoftware.com/articles/view/5/automatically-report-all-ssh-brute-force-attacks-to-isps >> >> Cheers. >> >> Nazar >> >> ------------------------------------------------------------------------- >> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge >> Build the coolest Linux based applications with Moblin SDK & win great prizes >> Grand prize is a trip for two to an Open Source event anywhere in the world >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >> _______________________________________________ >> Denyhosts-user mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/denyhosts-user >> > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Denyhosts-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/denyhosts-user > ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
