Bryan Phinney ([EMAIL PROTECTED]) wrote:
> Output from BFD:
>
[...]
> Dec 27 18:07:35 hostname sshd[9101]: Invalid user test from 63.203.221.245
> Dec 27 18:07:35 hostname sshd[9101]: Failed password for invalid user test
> from 63.203.221.245 port 56177 ssh2
> Dec 27 18:08:00 hostname BFD(
Output from BFD:
The remote system 63.203.221.245 was found to have exceeded acceptable login
failures on system.my.domain. As such the attacking host has been banned from
further accessing this system; for the integrity of your host you should
investigate this event as soon as possible.
The f
For any interested. I was not able to improve my own script any further but I
was able to get BFD by R-fx networks working on my system.
http://rfxnetworks.com/bfd.php
BFD is a modular shell script for parsing applicable logs and checking for
authentication failures. There is not much complex
Bryan Phinney ([EMAIL PROTECTED]) wrote:
> On Thursday 23 December 2004 04:35, Tony S. Sykes wrote:
> > Brian,
> >
> > I would like a copy, as my system has just been hacked by an ssh user (or
> > at least I think it has) a few days ago 100%, but was busy so disregarded
> > it at the time, then cam
Not that I would suggest any particular course of action for anyone but
something just occurred to me. If a machine is probing my system using a
known SSH exploit, that probably means that someone else has compromised that
system and that it is wide open. Given that these shell accounts that
On Thursday 23 December 2004 04:35, Tony S. Sykes wrote:
> Brian,
>
> I would like a copy, as my system has just been hacked by an ssh user (or
> at least I think it has) a few days ago 100%, but was busy so disregarded
> it at the time, then came back to the machine and it was in text only mode.
>
On Wednesday 22 December 2004 10:00, J. David Boyd wrote:
I was trying to get the sshd-sentry script to work but it just won't do
anything on my system. I thought that I had it working for a bit because I
saw some activity but I just can't get it to work reliably enough that I
trust it to stop
Benjamin Pflugmann writes:
> Another thing I would change is to avoid changing host.deny
> directly. You can make hosts.deny look into other files like this:
>
> sshd: /etc/host.deny.foo
>
This is a great idea, and thanks. I much prefer this.
Dave
_
On Tue 2004-12-21 at 13:11:12 -0500, [EMAIL PROTECTED] wrote:
> Bryan Phinney <[EMAIL PROTECTED]> writes:
[...]
> Hi Bryan, pretty cool, the only thing I would suggest is using Damian
> Conway's Regexp::Common module in a Perl script to parse the IP
> address out.
[...]
> #remove extra entries fro
J. David Boyd ([EMAIL PROTECTED]) wrote:
> Bryan Phinney <[EMAIL PROTECTED]> writes:
>
> > Well, my little script is very quick and dirty but after about a week of
> > being hit multiple times every night, I haven't yet found it parsing logs
> > wrong on my system but that doesn't mean much beyond
Bryan Phinney <[EMAIL PROTECTED]> writes:
> Well, my little script is very quick and dirty but after about a week of
> being hit multiple times every night, I haven't yet found it parsing logs
> wrong on my system but that doesn't mean much beyond my system.
I just had some different text in mine
On Tuesday 21 December 2004 13:11, J. David Boyd wrote:
> Turns out they have been, every night for weeks, (my bad), but now
> with my modified script (based on your great contribution), they won't be
> doing it more than once.
Well, my little script is very quick and dirty but after about a week
Bryan Phinney <[EMAIL PROTECTED]> writes:
> Here is a script I wrote to work around SSH probes. It is NOT elegant, very
> quick and dirtyish but it does seem to work and it can be run from a cron
> job fairly often without problems.
>
Hi Bryan, pretty cool, the only thing I would suggest is usi
13 matches