Full Discussion: Bruteforce attack on my pc
Post 302140825 by indo1144 on Tuesday 16th of October 2007 08:40:03 AM
fail2ban

Quote:
Originally Posted by rdns
Since putting my PC online, it keeps getting slower and I dig the logfile to have such a surprise
You really should look into a neat program called "fail2ban". I have it running on a Debian-server and it's great.
You can configure how many retries someone has after a password-failure and how long they are banned (two hours in my case). It continually scans your /var/log/auth.log and acts. Check out Main Page - Fail2ban for more info.

Quote:
2007-10-14 15:28:26,088 fail2ban.actions: WARNING [ssh] Ban 61.146.178.13
2007-10-14 17:28:26,809 fail2ban.actions: WARNING [ssh] Unban 61.146.178.13
2007-10-15 19:27:09,866 fail2ban.actions: WARNING [ssh] Ban 218.234.170.147
2007-10-15 21:27:10,316 fail2ban.actions: WARNING [ssh] Unban 218.234.170.147
 

FAIL2BAN-REGEX(1)                User Commands                FAIL2BAN-REGEX(1)

NAME
       fail2ban-regex - test Fail2ban "failregex" option

SYNOPSIS
       fail2ban-regex [OPTIONS] <LOG> <REGEX> [IGNOREREGEX]

DESCRIPTION
       Fail2Ban v0.8.2 reads log file that contains password failure report
       and bans the corresponding IP addresses using firewall rules.

       This tool can test regular expressions for "fail2ban".

OPTIONS
       -h, --help
              display this help message

       -V, --version
              print the version

LOG
       string a string representing a log line

       filename
              path to a log file (/var/log/auth.log)

REGEX
       string a string representing a 'failregex'

       filename
              path to a filter file (filter.d/sshd.conf)

   IgnoreRegex:
       string a string representing an 'ignoreregex'

       filename
              path to a filter file (filter.d/sshd.conf)

AUTHOR
       Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>. Many
       contributions by Yaroslav O. Halchenko <debian@onerussian.com>.

REPORTING BUGS
       Report bugs to <cyril.jaquier@fail2ban.org>

COPYRIGHT
       Copyright (C) 2004-2008 Cyril Jaquier
       Copyright of modifications held by their respective authors.
       Licensed under the GNU General Public License v2 (GPL).

SEE ALSO
       fail2ban-client(1) fail2ban-server(1)

fail2ban-regex v0.8.2               March 2008                FAIL2BAN-REGEX(1)
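
The retry limit and two-hour ban from the post, and the failregex matching that fail2ban-regex tests, can be modelled in a few lines. This is an added example, not fail2ban's own code and not part of the original post: the <HOST> expansion is simplified to IPv4, the failregex is illustrative, the log lines are constructed, and the maxretry=3 and findtime=600 values are assumptions (bantime=7200 is the post's two hours).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for the <HOST> tag (assumption: IPv4 only).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Illustrative failregex, not the filter shipped in filter.d/sshd.conf.
FAILREGEX = r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from <HOST> port \d+"

# Constructed auth.log lines (documentation-range addresses).
SAMPLE_LOG = """\
Oct 14 15:27:50 host sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 14 15:27:58 host sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Oct 14 15:28:05 host sshd[4105]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Oct 14 15:28:26 host sshd[4107]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Oct 14 15:40:00 host sshd[4200]: Failed password for bob from 198.51.100.20 port 51600 ssh2
Oct 14 16:10:00 host sshd[4300]: Failed password for root from 203.0.113.7 port 40500 ssh2
"""

def scan(log_text, failregex=FAILREGEX, maxretry=3, findtime=600, bantime=7200, year=2007):
    """Return (host, ban_time, unban_time) for hosts reaching maxretry within findtime."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    window = timedelta(seconds=findtime)
    failures = defaultdict(deque)   # host -> timestamps of recent failures
    banned_until = {}               # host -> time the ban expires
    bans = []
    for line in log_text.splitlines():
        match = pattern.search(line)
        if not match:
            continue                # not a failure line, e.g. "Accepted password"
        when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        host = match.group("host")
        if host in banned_until and when < banned_until[host]:
            continue                # already banned, nothing more to count
        recent = failures[host]
        recent.append(when)
        while when - recent[0] > window:
            recent.popleft()        # forget failures older than findtime
        if len(recent) >= maxretry:
            banned_until[host] = when + timedelta(seconds=bantime)
            bans.append((host, when, banned_until[host]))
            recent.clear()
    return bans

if __name__ == "__main__":
    for host, start, end in scan(SAMPLE_LOG):
        print(f"Ban {host} at {start}, unban at {end}")
```

A failregex that never captures a host group, or that also matches "Accepted password" lines, shows up immediately when run against sample lines like these, which is the same check fail2ban-regex performs against a real log before a filter goes live.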