Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Failed SSHD Login Attempts (15,000 per day) - Is that a lot compared to your server?
Special Forums Cybersecurity Failed SSHD Login Attempts (15,000 per day) - Is that a lot compared to your server? Post 303039264 by stomp on Friday 27th of September 2019 01:02:18 PM
Old 09-27-2019
Quote:
fail2ban ... What do you think? Is that an important metric to add, do you think?
It maybe fail2ban is configured properly, up and running. That will definitely explain a rate below average. But f2b can be running without being configured to do blocking at all or not correctly adapted to the system. It may be a weak variable.

What regards the ssh port. From my experience it will make a huge difference if it's running on default port 22 or a custom port. Most attackers are just using the easiest methods because there's still enough to harvest.

Regarding my server list:

I did a quick check and removed the results which might not be plausible(flapm <= 0). There might be a pool of servers not shown because flapm rounded down to zero.
Last edited by stomp; 09-27-2019 at 02:10 PM..
This User Gave Thanks to stomp For This Post:
Neo
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Maximum 3 login attempts

Hi, I notice in my Sun Solaris 8 sparc workstation, if I failed my login in the 5th time, I will be closed the connection from the host. I want to make 3 times. That is, if user fails to login with 3 attempts, he will be closed the connection. How to do it? Of course I am the admin of the... (2 Replies)
Discussion started by: champion
2 Replies

2. Solaris

invalid login attempts...

I am wondering if solaris captures id's associated w/invalid login attempts? when I try to login as "test1" several (3-5) times, I do not find any userID info under "/var/adm" files: utmpx wtmpx messages lastlog Is there another location/log I should be checking? Is it necessary for... (6 Replies)
Discussion started by: mr_manny
6 Replies

3. AIX

Denying IPaddress for Multiple Failed Login Attempts

Hi. I would like to be able to deny IP address for too many failed login attemps (either from ssh, sftp, ftp, etc). The system I wish this to work on is an AIX 5.1 system. I'm new to AIX but I'm a linux user. There is a program for linux called fail2ban which reads from the log files and see if... (1 Reply)
Discussion started by: metzgerh
1 Replies

4. AIX

ftp check for failed attempts

Hi, I have created the below ftp script to put files over to our capacity server, the check at the end works if ftp fails to run however if the script cannot login or the transfer itself failed there is no warnings. Does anyone know the syntax to trap the erorr codes or to put a check within... (3 Replies)
Discussion started by: chlawren
3 Replies

5. Solaris

Number of login attempts on solaris 10

Hi, I want to sent number of login attempts ,so that after that much attempts user account should be locked on solaris 10 (2 Replies)
Discussion started by: manoj.solaris
2 Replies

6. AIX

Invalid login attempts

How can I see the number of invalid login attempts of a user? Thanks, (9 Replies)
Discussion started by: agasamapetilon
9 Replies

7. Shell Programming and Scripting

Shell script in tracking both the passed and failed login in a unix server

Can you help me in providing the following output or a quite similar to this from a shell script ? *** Logins Summary Information ***** ---------------------------------- Failed Login Attempts for Invalid Accounts Date Time IP-ADD Account ... (0 Replies)
Discussion started by: linuxgeek
0 Replies

8. UNIX for Dummies Questions & Answers

TCP failed connection attempts from netstat -s

Dear experts, I am seeing a lot of TCP failed connection attempts from "netstat -s" on one of our servers. How can I pin point what connection failed and what are the ports involved? Any tools/commands I can dig in deeper to diag. what went wrong on these "failed connection attempts"? ... (2 Replies)
Discussion started by: cache51
2 Replies

9. Solaris

Solaris logs - Tracking failed attempts from my host

Hey all I'm having a big problem here. Someone is attempting an SSH to a destination host on which an account resides and locking the account. I'm trying to determine who is performing the SSH attempts from my host. For instance they're logged in as their standard account but then (I'm assuming)... (13 Replies)
Discussion started by: MaindotC
13 Replies

LEARN ABOUT FREEBSD

upsc

UPSC(8) 							    NUT Manual								   UPSC(8)

NAME

       upsc - example lightweight UPS client

SYNOPSIS

       upsc -l | -L [host]

       upsc ups [variable]

       upsc -c ups

DESCRIPTION

       upsc is provided as a quick way to poll the status of a UPS server. It can be used inside shell scripts and other programs that need UPS
       data but don't want to include the full interface.

OPTIONS

       -l host
	   List all UPS names configured at host, one name per line. The hostname defaults to "localhost". You may optionally add a colon and a
	   port number.

       -L host
	   As above, list all UPS names configured at host, including their description provided by the remote upsd(8) from ups.conf(5). The
	   hostname defaults to "localhost". You may optionally add a colon and a port number to override the default port.

       -c ups
	   Lists each client connected on ups, one name per line.

       ups
	   Display the status of that UPS. The format for this option is upsname[@hostname[:port]]. The default hostname is "localhost".

       variable
	   Display the value of this variable only. By default, upsc retrieves the list of variables from the server and then displays the value
	   for each. This may be useful in shell scripts to save an additional pipe into grep.

EXAMPLES

       To list all variables on an UPS named "myups" on a host called "mybox", with upsd(8) running on port 1234:

	   $ upsc myups@mybox:1234
	   battery.charge: 100.0
	   battery.voltage: 13.9
	   battery.voltage.nominal: 13.6
	   . . .

       To list the UPSes configured on this system, along with their descriptions:

	   $ upsc -L
	   apc: Back-UPS 500
	   ppro2: Patriot Pro II

       To retrieve the status for all UPSes connected to mybox, using Bourne-shell syntax:

	   $ for UPS in `upsc -l mybox:1234`; do
	       upsc $UPS ups.status
	   done

       To list clients connected on "myups":

	   $ upsc -c myups
	   127.0.0.1
	   ::1
	   192.168.1.2

DIAGNOSTICS

       upsc will either print a list of UPS names, a list of all supported variables and their values on the UPS, or an error message. If you
       receive an error, make sure you have specified a valid UPS on the command line, that upsd(8) is really running on the other host and that
       no firewalls are blocking you.

HISTORY

       Earlier versions of this program used the upsfetch library and UDP sockets to talk to upsd. This version of upsc uses the new upsclient
       library, which only talks TCP. This is why upsct no longer exists.

SEE ALSO

       upsd(8)

INTERNET RESOURCES

       The NUT (Network UPS Tools) home page: http://www.networkupstools.org/

Network UPS Tools						    05/21/2012								   UPSC(8)
All times are GMT -4. The time now is 12:48 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy