10-15-2007
denyhosts might also be a useful tool.
DENYHOSTS(8) User Commands DENYHOSTS(8)
NAME
DenyHosts - version: 2.6
DESCRIPTION
DenyHosts is a Python program that automatically blocks ssh attacks by adding entries to /etc/hosts.deny. DenyHosts will also inform Linux
administrators about offending hosts, attacked users and suspicious logins.
Usage: /usr/sbin/denyhosts [-f logfile | --file=logfile] [ -c configfile | --config=configfile] [-i | --ignore] [-n | --noemail] [--purge]
[--migrate] [--daemon] [--sync] [--version]
--file: The name of log file to parse
--ignore: Ignore last processed offset (start processing from beginning)
--noemail: Do not send an email report
--unlock: if lockfile exists, remove it and run as normal
--migrate: migrate your HOSTS_DENY file so that it is suitable for --purge
--purge: expire entries older than your PURGE_DENY setting
--daemon: run DenyHosts in daemon mode
--foreground: run DenyHosts in foreground mode
--sync: run DenyHosts synchronization mode
--version: Prints the version of DenyHosts and exits
Note: multiple --file args can be processed. If multiple files are provided, --ignore is implied
Note: on a Debian system, the default running mode is daemon mode and the configuration file is /etc/denyhosts.conf
When run in --daemon mode the following flags are ignored:
--file, --purge, --migrate, --sync, --verbose
SEE ALSO
Please refer to http://denyhosts.sourceforge.net/faq.html for full documentation. This file can also be found in /usr/share/doc/denyhosts/FAQ.html
AUTHOR
DenyHosts was written by Phil Schwartz <phil_schwartz@users.sourceforge.net>
This manual page was written by Marco Bertorello <marco@bertorello.ns0.it> for the Debian project (but may be used by others).
DenyHosts version: 2.6 July 2006 DENYHOSTS(8)
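The mechanism the DESCRIPTION summarises (read the sshd log, count failed logins per host, write `sshd: <address>` lines for /etc/hosts.deny) is sketched below as an added example; it is not DenyHosts' own code. The log lines are constructed, and the threshold of 3, the `allowed` parameter and the exact log format matched are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sshd log lines (RFC 5737 documentation addresses, not real data).
SAMPLE_LOG = """\
Oct 15 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 15 03:12:03 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Oct 15 03:12:06 host sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Oct 15 03:15:40 host sshd[2110]: Failed password for alice from 198.51.100.23 port 51514 ssh2
Oct 15 03:15:52 host sshd[2110]: Accepted password for alice from 198.51.100.23 port 51514 ssh2
Oct 15 03:16:10 host sshd[2111]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 203.0.113.9 port 40200 ssh2
Oct 15 03:16:12 host sshd[2111]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 203.0.113.9 port 40201 ssh2
Oct 15 03:16:14 host sshd[2111]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 203.0.113.9 port 40202 ssh2
"""

# The user name is client-supplied text, so the pattern is anchored at the end
# of the line: the greedy ".+" makes the LAST "from <host> port N ssh2" win and
# an address embedded in the user name is never taken as the source host.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.+ from (\S+) port \d+ ssh2$")


def failed_hosts(log_text):
    """Count failed password attempts per validated source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # never pass unvalidated text on to hosts.deny
        counts[str(addr)] += 1
    return counts


def deny_entries(log_text, threshold=3, allowed=()):
    """Return hosts.deny lines for hosts at or above the (assumed) threshold."""
    counts = failed_hosts(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in allowed]


if __name__ == "__main__":
    print("\n".join(deny_entries(SAMPLE_LOG)))
```

The `allowed` argument keeps known administrative addresses out of the deny list, so a few mistyped passwords cannot lock out a legitimate host.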