Hi Saint. Thanks for the update. I've modified the plugin slightly to point it to the documentation here: http://github.com/nazar/report-hack-isp/wikis/home
Please drop me an email if I've missed anything and I'll add it to the wiki.

Cheers.

2008/7/25 S A I N T - 4 2 <[EMAIL PROTECTED]>:
> Everything is working correctly since I changed the SSH LOG FILE from
> /var/log/ssh/* to /var/log/secure
>
> Also, the file /var/log/notify_isp.log was not created and was an issue. I
> did a simple "touch".
>
> Everything is working OK now:
>
> [EMAIL PROTECTED]:/usr/share/denyhosts> cat /var/log/notify_isp.log
> Report generated for 61.7.255.30 and sent to [EMAIL PROTECTED] on Thu Jul 24 23:46:33 -0700 2008
> Report generated for 61.7.255.30 and sent to [EMAIL PROTECTED] on Thu Jul 24 23:46:34 -0700 2008
>
> When you write the README (I can do it if you want), you need to talk
> about those 2 things :)
>
> Thanks
>
> Nazar Aziz wrote:
>>
>> Hi there.
>>
>>> [EMAIL PROTECTED]:/usr/share/denyhosts> ./notify_isp.rb 61.7.255.30
>>> /bin/cat: /var/log/sshd/*: No such file or directory
>>> ./notify_isp.rb:129: No evidence found for IP 61.7.255.30. Aborting (RuntimeError)
>>
>>> /bin/cat: /var/log/sshd/*: No such file or directory
>>
>> Can you check that your sshd log files are in /var/log/sshd (as set in
>> the LOG_FILE constant) as it appears that cat is not able to find that
>> directory.
>>
>> Cheers.
>>
>> 2008/7/25 S A I N T - 4 2 <[EMAIL PROTECTED]>:
>>>
>>> Looks like it's not working here.
>>> I installed Ruby.
>>> I copied the script in /usr/share/denyhosts/
>>> I configured the PLUGIN_DENY= to /usr/share/denyhosts/name_of_script.rb
>>> and restarted denyhosts.
>>>
>>> That's it, right?
>>> Any way to make tests?
>>>
>>> Jul 22 08:34:37 tyesun sshd[18962]: refused connect from ::ffff:61.7.255.30 (::ffff:61.7.255.30)
>>>
>>> [EMAIL PROTECTED]:/usr/share/denyhosts> ./notify_isp.rb 61.7.255.30
>>> /bin/cat: /var/log/sshd/*: No such file or directory
>>> ./notify_isp.rb:129: No evidence found for IP 61.7.255.30. Aborting (RuntimeError)
>>>
>>> I changed the LOG_FILE to /var/log/secure, and it is now working (a small
>>> readme should come with the file in order to explain this).
>>>
>>> Now, when I run the command, I get this:
>>> [EMAIL PROTECTED]:/usr/share/denyhosts> ./notify_isp.rb 61.7.255.30
>>> ./notify_isp.rb:134: Host 61.7.255.30 has already been reported. Not reporting again. (RuntimeError)
>>>
>>> SWK wrote:
>>>>
>>>> Hi Nazar,...
>>>>
>>>> nice script,... i plugged it in and now i'm still waiting for the first
>>>> nerd to trap in ...*g
>>>>
>>>> Is it possible to add a "CC"-Variable in the message to have a copy of
>>>> the sent email?
>>>>
>>>> Regards ...
>>>>
>>>> Stefan
>>>>
>>>> Nazar Aziz wrote:
>>>>>
>>>>> Hi List.
>>>>>
>>>>> Just wanted to drop a quick email to say that I've developed a
>>>>> DenyHosts plugin that will notify the attacker's ISP with an excerpt
>>>>> from your sshd log file. I've been running this script for the last
>>>>> two days and I've had half a dozen positive replies from system admins
>>>>> who've subsequently disconnected offending servers.
>>>>>
>>>>> Download it here: http://github.com/nazar/report-hack-isp/tree/master
>>>>>
>>>>> Instructions: http://github.com/nazar/report-hack-isp/wikis
>>>>>
>>>>> Why I did this:
>>>>>
>>>>> http://panthersoftware.com/articles/view/5/automatically-report-all-ssh-brute-force-attacks-to-isps
>>>>>
>>>>> Cheers.
>>>>>
>>>>> Nazar
>>>>>
>>>>> -------------------------------------------------------------------------
>>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
>>>>> Build the coolest Linux based applications with Moblin SDK & win great prizes
>>>>> Grand prize is a trip for two to an Open Source event anywhere in the world
>>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>>>> _______________________________________________
>>>>> Denyhosts-user mailing list
>>>>> [email protected]
>>>>> https://lists.sourceforge.net/lists/listinfo/denyhosts-user
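
The two setup problems reported in this thread (a LOG_FILE path that matches no files, and a missing /var/log/notify_isp.log) plus the evidence and "already reported" lookups can be checked before the plugin is run. The Ruby below is an added example, not code from notify_isp.rb; the helper names, the sample log lines and the abuse@example.net address are constructed for illustration.

```ruby
require "ipaddr"

# Constructed sample lines, modelled on the sshd excerpt quoted in the thread.
SAMPLE_SSHD_LOG = [
  "Jul 22 08:34:37 tyesun sshd[18962]: refused connect from ::ffff:61.7.255.30 (::ffff:61.7.255.30)",
  "Jul 22 08:35:01 tyesun sshd[18970]: refused connect from ::ffff:161.7.255.30 (::ffff:161.7.255.30)",
  "Jul 22 08:36:12 tyesun sshd[18981]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2",
].freeze

# Constructed notify log line in the format shown in the thread.
SAMPLE_NOTIFY_LOG = [
  "Report generated for 61.7.255.30 and sent to abuse@example.net on Thu Jul 24 23:46:33 -0700 2008",
].freeze

# Hypothetical helper: report setup problems before the plugin runs.
def preflight(log_glob, notify_log)
  problems = []
  logs = Dir.glob(log_glob).select { |f| File.file?(f) && File.readable?(f) }
  problems << "no readable sshd log matches #{log_glob}" if logs.empty?
  problems << "#{notify_log} does not exist (create it with touch)" unless File.exist?(notify_log)
  problems
end

# True when +text+ parses as the same address as +target+ (an IPAddr).
def same_address?(text, target)
  IPAddr.new(text) == target
rescue IPAddr::InvalidAddressError
  false
end

# Hypothetical helper: lines naming exactly this IPv4 address, including the
# IPv4-mapped form (::ffff:a.b.c.d) seen in the thread's log excerpt.
def evidence_for(ip, lines)
  target = IPAddr.new(ip)
  dotted = /(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?!\.?\d)/
  lines.select { |line| line.scan(dotted).any? { |c| same_address?(c, target) } }
end

# Hypothetical helper: has a report for this address already been logged?
def already_reported?(ip, notify_lines)
  notify_lines.any? { |l| l[/\AReport generated for (\S+) and sent to /, 1] == ip }
end

if __FILE__ == $PROGRAM_NAME
  puts preflight("/var/log/secure", "/var/log/notify_isp.log")
  puts evidence_for("61.7.255.30", SAMPLE_SSHD_LOG)
  puts "already reported" if already_reported?("61.7.255.30", SAMPLE_NOTIFY_LOG)
end
```

Matching on the parsed address rather than a substring keeps 161.7.255.30 from being counted as evidence against 61.7.255.30.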
