HomeFailed password on existing user not detected...

Reply to comment

Failed password on existing user not detected...

Mon, 2005–Dec–05

Hi,

the following logs are not detected by the script:

Dec 4 20:15:46 bs sshd[10058]: Failed password for root from 195.140.143.60 port 53581 ssh2
Dec 4 20:15:49 bs sshd[10060]: Failed password for root from 195.140.143.60 port 54049 ssh2
Dec 4 20:15:51 bs sshd[10062]: Failed password for root from 195.140.143.60 port 54909 ssh2
Dec 4 20:15:53 bs sshd[10064]: Failed password for root from 195.140.143.60 port 55280 ssh2
Dec 4 20:15:56 bs sshd[10066]: Failed password for root from 195.140.143.60 port 56104 ssh2
Dec 4 20:15:58 bs sshd[10068]: Failed password for root from 195.140.143.60 port 56472 ssh2
Dec 4 20:16:01 bs sshd[10070]: Failed password for root from 195.140.143.60 port 57305 ssh2
Dec 4 20:16:03 bs sshd[10082]: Failed password for root from 195.140.143.60 port 58088 ssh2

It will be great if such situation could be managed...
ie : detecting a brute-force attack (exemple, 5-6 password tryed withint 4 minutes ...) and deny ip address....
Using ubuntu 5.10

Regards,
Jaycee.

Reply

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <b> <span> <pre> <hr>
  • Lines and paragraphs break automatically.
  • You may use [acidfree:xx] tags to display acidfree videos or images inline.
  • [l:URL text] input tags replaced with HTML links. URL may be Drupal internal path. [ Link Filter Tips ]

More information about formatting options