[FreeBSD] pf ile korunma
Dun ayni ip'den httpd-error.log dosyasina dusen bilgiler.Bu ip'ye block koymanin disinda daha iyi bir yol varmi. Sep 15 20:22:25 wall sshd[3570]: Failed password for illegal user named from 60.248.115.160 port 55881 ssh2Sep 15 20:22:29 wall sshd[3572]: Failed password for illegal user ntp from 60.248.115.160 port 55992 ssh2Sep 15 20:22:34 wall sshd[3574]: Failed password for illegal user webadmin from 60.248.115.160 port 56426 ssh2Sep 15 20:22:41 wall sshd[3576]: Failed password for illegal user mail from 60.248.115.160 port 56811 ssh2Sep 15 20:22:46 wall sshd[3578]: Failed password for news from 60.248.115.160 port 57613 ssh2Sep 15 20:22:52 wall sshd[3580]: Failed password for operator from 60.248.115.160 port 58035 ssh2Sep 15 20:22:55 wall sshd[3582]: Failed password for illegal user george from 60.248.115.160 port 58451 ssh2Sep 15 20:22:59 wall sshd[3584]: Failed password for illegal user mike from 60.248.115.160 port 58556 ssh2Sep 15 20:23:04 wall sshd[3586]: Failed password for illegal user richard from 60.248.115.160 port 58972 ssh2Sep 15 20:23:08 wall sshd[3588]: Failed password for illegal user sharon from 60.248.115.160 port 59342 ssh2Sep 15 20:23:12 wall sshd[3590]: Failed password for illegal user sasha from 60.248.115.160 port 59764 ssh2Sep 15 20:23:18 wall sshd[3592]: Failed password for illegal user testuser from 60.248.115.160 port 60191 ssh2Sep 15 20:23:21 wall sshd[3594]: Failed password for illegal user temp from 60.248.115.160 port 60625 ssh2Sep 15 20:23:25 wall sshd[3596]: Failed password for illegal user var from 60.248.115.160 port 60999 ssh2Sep 15 20:23:29 wall sshd[3598]: Failed password for illegal user alex from 60.248.115.160 port 32874 ssh2Sep 15 20:23:34 wall sshd[3600]: Failed password for illegal user alexander from 60.248.115.160 port 33301 ssh2Sep 15 20:23:41 wall sshd[3602]: Failed password for illegal user info from 60.248.115.160 port 33673 ssh2Sep 15 20:23:45 wall sshd[3604]: Failed password for illegal user russ from 60.248.115.160 port 34463 ssh2Sep 15 20:23:49 wall sshd[3606]: Failed password for illegal user rich from 60.248.115.160 port 34569 ssh2Sep 15 20:23:54 wall sshd[3608]: Failed password for illegal user andrew from 60.248.115.160 port 34995 ssh2 Iyi calismalar.
Re: [FreeBSD] pf ile korunma
merhaba, Bunlar httpd'ye degil ssh'e gelen istekler. Teker teker ip girmek yerine SSH'i herkese kapatip sadece istediginiz ip'lere acin. selamlar... Kemal FIRAT wrote: Dun ayni ip'den httpd-error.log dosyasina dusen bilgiler.Bu ip'ye block koymanin disinda daha iyi bir yol varmi. Sep 15 20:22:25 wall sshd[3570]: Failed password for illegal user named from 60.248.115.160 port 55881 ssh2 Sep 15 20:22:29 wall sshd[3572]: Failed password for illegal user ntp from 60.248.115.160 port 55992 ssh2 Sep 15 20:22:34 wall sshd[3574]: Failed password for illegal user webadmin from 60.248.115.160 port 56426 ssh2 Sep 15 20:22:41 wall sshd[3576]: Failed password for illegal user mail from 60.248.115.160 port 56811 ssh2 Sep 15 20:22:46 wall sshd[3578]: Failed password for news from 60.248.115.160 port 57613 ssh2 Sep 15 20:22:52 wall sshd[3580]: Failed password for operator from 60.248.115.160 port 58035 ssh2 Sep 15 20:22:55 wall sshd[3582]: Failed password for illegal user george from 60.248.115.160 port 58451 ssh2 Sep 15 20:22:59 wall sshd[3584]: Failed password for illegal user mike from 60.248.115.160 port 58556 ssh2 Sep 15 20:23:04 wall sshd[3586]: Failed password for illegal user richard from 60.248.115.160 port 58972 ssh2 Sep 15 20:23:08 wall sshd[3588]: Failed password for illegal user sharon from 60.248.115.160 port 59342 ssh2 Sep 15 20:23:12 wall sshd[3590]: Failed password for illegal user sasha from 60.248.115.160 port 59764 ssh2 Sep 15 20:23:18 wall sshd[3592]: Failed password for illegal user testuser from 60.248.115.160 port 60191 ssh2 Sep 15 20:23:21 wall sshd[3594]: Failed password for illegal user temp from 60.248.115.160 port 60625 ssh2 Sep 15 20:23:25 wall sshd[3596]: Failed password for illegal user var from 60.248.115.160 port 60999 ssh2 Sep 15 20:23:29 wall sshd[3598]: Failed password for illegal user alex from 60.248.115.160 port 32874 ssh2 Sep 15 20:23:34 wall sshd[3600]: Failed password for illegal user alexander from 60.248.115.160 port 33301 ssh2 Sep 15 20:23:41 wall sshd[3602]: Failed password for illegal user info from 60.248.115.160 port 33673 ssh2 Sep 15 20:23:45 wall sshd[3604]: Failed password for illegal user russ from 60.248.115.160 port 34463 ssh2 Sep 15 20:23:49 wall sshd[3606]: Failed password for illegal user rich from 60.248.115.160 port 34569 ssh2 Sep 15 20:23:54 wall sshd[3608]: Failed password for illegal user andrew from 60.248.115.160 port 34995 ssh2 Iyi calismalar. -- Baris Simsek http://www.enderunix.org/simsek/ - Cikmak icin, e-mail: [EMAIL PROTECTED] Liste arsivi: http://lists.enderunix.org Turkiye'nin ilk FreeBSD kitabi: http://www.acikakademi.com/freebsd.php
Re: [FreeBSD] pf ile korunma
Merhaba; Benzer bir soru debian-turkish listesinde de sorulmuş ve soruyu soran kişi aşağıdaki adresleri bulduğunu yazmıştı. http://fail2ban.sourceforge.net http://www.csc.liv.ac.uk/~greg/sshdfilter/ http://sodaphish.com/files/tattle http://lcamtuf.coredump.cx/p0f.shtml http://www.whitedust.net/article/27/Recent%20SSH%20Brute-Force%20Attacks/ http://clustrmaps.com/index.htm İyi çalışmalar. Kemal FIRAT wrote: Dun ayni ip'den httpd-error.log dosyasina dusen bilgiler.Bu ip'ye block koymanin disinda daha iyi bir yol varmi. -- Yaşar ŞENTÜRK http://www.dijitaltek.com/yasar http://yasarix.blogspot.com - Cikmak icin, e-mail: [EMAIL PROTECTED] Liste arsivi: http://lists.enderunix.org Turkiye'nin ilk FreeBSD kitabi: http://www.acikakademi.com/freebsd.php
Re: [FreeBSD] pf ile korunma
SSH portunu degistirmek bu tip saldirilarin %80 ninden korunmanizi saglar. sshd_config dosyasindaki Port 22 degerini Port 8898 gibi bir degerle degistirin. 16.09.2005 tarihinde Baris Simsek [EMAIL PROTECTED] yazmış: merhaba, Bunlar httpd'ye degil ssh'e gelen istekler. Teker teker ip girmek yerine SSH'i herkese kapatip sadece istediginiz ip'lere acin. selamlar... Kemal FIRAT wrote: Dun ayni ip'den httpd-error.log dosyasina dusen bilgiler.Bu ip'ye block koymanin disinda daha iyi bir yol varmi. Sep 15 20:22:25 wall sshd[3570]: Failed password for illegal user named from 60.248.115.160 port 55881 ssh2 Sep 15 20:22:29 wall sshd[3572]: Failed password for illegal user ntp from 60.248.115.160 port 55992 ssh2 Sep 15 20:22:34 wall sshd[3574]: Failed password for illegal user webadmin from 60.248.115.160 port 56426 ssh2 Sep 15 20:22:41 wall sshd[3576]: Failed password for illegal user mail from 60.248.115.160 port 56811 ssh2 Sep 15 20:22:46 wall sshd[3578]: Failed password for news from 60.248.115.160 port 57613 ssh2 Sep 15 20:22:52 wall sshd[3580]: Failed password for operator from 60.248.115.160 port 58035 ssh2 Sep 15 20:22:55 wall sshd[3582]: Failed password for illegal user george from 60.248.115.160 port 58451 ssh2 Sep 15 20:22:59 wall sshd[3584]: Failed password for illegal user mike from 60.248.115.160 port 58556 ssh2 Sep 15 20:23:04 wall sshd[3586]: Failed password for illegal user richard from 60.248.115.160 port 58972 ssh2 Sep 15 20:23:08 wall sshd[3588]: Failed password for illegal user sharon from 60.248.115.160 port 59342 ssh2 Sep 15 20:23:12 wall sshd[3590]: Failed password for illegal user sasha from 60.248.115.160 port 59764 ssh2 Sep 15 20:23:18 wall sshd[3592]: Failed password for illegal user testuser from 60.248.115.160 port 60191 ssh2 Sep 15 20:23:21 wall sshd[3594]: Failed password for illegal user temp from 60.248.115.160 port 60625 ssh2 Sep 15 20:23:25 wall sshd[3596]: Failed password for illegal user var from 60.248.115.160 port 60999 ssh2 Sep 15 20:23:29 wall sshd[3598]: Failed password for illegal user alex from 60.248.115.160 port 32874 ssh2 Sep 15 20:23:34 wall sshd[3600]: Failed password for illegal user alexander from 60.248.115.160 port 33301 ssh2 Sep 15 20:23:41 wall sshd[3602]: Failed password for illegal user info from 60.248.115.160 port 33673 ssh2 Sep 15 20:23:45 wall sshd[3604]: Failed password for illegal user russ from 60.248.115.160 port 34463 ssh2 Sep 15 20:23:49 wall sshd[3606]: Failed password for illegal user rich from 60.248.115.160 port 34569 ssh2 Sep 15 20:23:54 wall sshd[3608]: Failed password for illegal user andrew from 60.248.115.160 port 34995 ssh2 Iyi calismalar. -- Baris Simsek http://www.enderunix.org/simsek/ - Cikmak icin, e-mail: [EMAIL PROTECTED] Liste arsivi: http://lists.enderunix.org Turkiye'nin ilk FreeBSD kitabi: http://www.acikakademi.com/freebsd.php -- Huzeyfe ÖNAL --- First Turkish Qmail book is out! Go check it. Duydunuz mu! Turkiye'nin ilk Qmail kitabi cikti. http://www.acikakademi.com/catalog/qmail/