> don't trigger the IP addresses blocked by the /etc/hosts.deny file.
> I think it is desirable that fail2ban identifies these attempts.
> I've added the following line to sshd.conf
> failregex = refused connect from <HOST>\s
> Nov 13 03:42:11 Server sshd[4240]: refused connect from
> ::ffff:210.21.243.47 (::ffff:210.21.243.47)
indeed - it makes sense to add a rule for this one -- thanks
> but it doesn't work with the following line, from my auth.log:
> Nov 11 23:33:27 Server sshd[5174]: refused connect from
> _U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@::ffff:218.249.210.161
> (::ffff:218.249.210.161)
uu -- when is that happening? what is that prefix - some kind of hash?
> refused connect from <HOST>\s
don't forget to anchor it at the end with $
--
Yaroslav Halchenko
Research Assistant, Psychology Department, Rutgers-Newark
Student Ph.D. @ CS Dept. NJIT
Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
WWW: http://www.linkedin.com/in/yarik
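
Added example, not part of the original message and not fail2ban's own code: the rule as posted and a hypothetical end-anchored variant, run over the two auth.log lines quoted above plus one constructed line. The `HOST` pattern is a simplified stand-in for fail2ban's `<HOST>` tag, and `compile_failregex`, `find_host` and the `ANCHORED` rule are assumptions made for this sketch.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (an assumption for this sketch):
# an IPv4 address, optionally written as an IPv4-mapped IPv6 address.
HOST = r"(?:::ffff:)?(?P<host>\d{1,3}(?:\.\d{1,3}){3})"


def compile_failregex(failregex):
    """Expand the <HOST> tag and compile the rule for searching log lines."""
    return re.compile(failregex.replace("<HOST>", HOST))


# Rule quoted in the message.
AS_POSTED = compile_failregex(r"refused connect from <HOST>\s")
# Hypothetical variant: anchored with $, host taken from the parenthesised
# field, so the token before it may carry a "...@" prefix.
ANCHORED = compile_failregex(r"refused connect from \S+ \(<HOST>\)\s*$")

# The two auth.log lines from the message, with the e-mail line wrap undone.
PLAIN = ("Nov 13 03:42:11 Server sshd[4240]: refused connect from "
         "::ffff:210.21.243.47 (::ffff:210.21.243.47)")
PREFIXED = ("Nov 11 23:33:27 Server sshd[5174]: refused connect from "
            "_U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@::ffff:218.249.210.161 "
            "(::ffff:218.249.210.161)")
# Constructed line: extra text after the parenthesised address.
TRAILING = PLAIN + " extra text"


def find_host(rule, line):
    """Return the captured host, or None when the rule does not match."""
    match = rule.search(line)
    return match.group("host") if match else None


if __name__ == "__main__":
    samples = (("plain", PLAIN), ("prefixed", PREFIXED), ("trailing", TRAILING))
    for rule_name, rule in (("as posted", AS_POSTED), ("anchored", ANCHORED)):
        for line_name, line in samples:
            print(f"{rule_name:10} {line_name:9} -> {find_host(rule, line)}")
```

The posted rule misses the prefixed line because the address no longer follows `from ` directly, while the anchored variant reads the address from the parentheses and rejects a line that continues past them.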