Re: [CentOS] Odd issue with fail2ban

2012-08-13 Thread Leonard den Ottolander
On Mon, 2012-08-13 at 13:30 -0400, m.r...@5-cent.us wrote:
> Sorry, can't do that with servers whose websites are open to the world,
> and when folks here have collaborators around the world.

Well if those people have to log in using SSH from all across the world white listing would not be feasibl

Re: [CentOS] Odd issue with fail2ban

2012-08-13 Thread m . roth
Leonard den Ottolander wrote:
> Hello Gé,
>
> On Mon, 2012-08-13 at 09:41 -0700, Gé Weijers wrote:
>> Some attack programs are too stupid to give up even if they find that
>> password and keyboard interactive authentication is turned off. One
>> kept trying for weeks.
>
> Well I guess one *could* f

Re: [CentOS] Odd issue with fail2ban

2012-08-13 Thread Leonard den Ottolander
Hello Gé,

On Mon, 2012-08-13 at 09:41 -0700, Gé Weijers wrote:
> Some attack programs are too stupid to give up even if they find that
> password and keyboard interactive authentication is turned off. One
> kept trying for weeks.

Well I guess one *could* filter on the disconnect string to block s

Re: [CentOS] Odd issue with fail2ban

2012-08-13 Thread m . roth
Gé Weijers wrote:
> On Mon, Aug 13, 2012 at 9:01 AM, Leonard den Ottolander
> wrote:
>> Hello Mark,
>>
>> On Mon, 2012-08-13 at 11:30 -0400, m.r...@5-cent.us wrote:
>>> Aug 10 17:44:56 sshd[12350]: Connection from
>>> 114.113.199.142 port 511 871
>>> Aug 10 17:44:57 sshd[12341]: Received disconn

Re: [CentOS] Odd issue with fail2ban

2012-08-13 Thread Gé Weijers
On Mon, Aug 13, 2012 at 9:01 AM, Leonard den Ottolander wrote:
> Hello Mark,
>
> On Mon, 2012-08-13 at 11:30 -0400, m.r...@5-cent.us wrote:
>> Aug 10 17:44:56 sshd[12350]: Connection from 114.113.199.142
>> port 511
>> 871
>> Aug 10 17:44:57 sshd[12341]: Received disconnect from
>> 114.113.199.1

Re: [CentOS] Odd issue with fail2ban

2012-08-13 Thread Leonard den Ottolander
Hello Mark,

On Mon, 2012-08-13 at 11:30 -0400, m.r...@5-cent.us wrote:
> Aug 10 17:44:56 sshd[12350]: Connection from 114.113.199.142
> port 511
> 871
> Aug 10 17:44:57 sshd[12341]: Received disconnect from
> 114.113.199.144
> 2: 11: Bye Bye

I'm confused, what exactly is the problem? Fail2ban o

Re: [CentOS] Odd issue with fail2ban

2012-08-13 Thread m . roth
Leonard den Ottolander wrote:
> Hello Mark,
>
> On Mon, 2012-08-13 at 10:48 -0400, m.r...@5-cent.us wrote:
>> Remember reading about that, and on the server I happen to be looking
>> at,
>> it's been set that way since 18 May. Any other ideas?
>
> The first thing I can think of is you forgot to res

Re: [CentOS] Odd issue with fail2ban

2012-08-13 Thread Leonard den Ottolander
Hello Mark,

On Mon, 2012-08-13 at 10:48 -0400, m.r...@5-cent.us wrote:
> Remember reading about that, and on the server I happen to be looking at,
> it's been set that way since 18 May. Any other ideas?

The first thing I can think of is you forgot to restart the service after making the configura

Re: [CentOS] Odd issue with fail2ban

2012-08-13 Thread m . roth
Leonard den Ottolander wrote:
> Hello Mark,
>
> On Mon, 2012-08-13 at 09:26 -0400, m.r...@5-cent.us wrote:
>> We're seeing on a few of our servers - and sometimes it's only
>> occasionally on some of those - where fail2ban's running happily, AFAIK,
>> but there's an attack (from China, Brazil, etc)

Re: [CentOS] Odd issue with fail2ban

2012-08-13 Thread Leonard den Ottolander
Hello Mark,

On Mon, 2012-08-13 at 09:26 -0400, m.r...@5-cent.us wrote:
> We're seeing on a few of our servers - and sometimes it's only
> occasionally on some of those - where fail2ban's running happily, AFAIK,
> but there's an attack (from China, Brazil, etc) on ssh, and they don't
> seem to be b

[CentOS] Odd issue with fail2ban

2012-08-13 Thread m . roth
We're seeing on a few of our servers - and sometimes it's only occasionally on some of those - where fail2ban's running happily, AFAIK, but there's an attack (from China, Brazil, etc) on ssh, and they don't seem to be banned; I see many, many sorries for wrong username or password. It *seems* to w