Yes, you can set up triggers in syslog-ng that will trigger based on failed ssh login attempts.

 

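# Match sshd login results, except the expected key-based logins
# for root/zoneaxfr from 10.4.3.1.
# Note: the address pattern is unanchored and its dots are unescaped,
# so it also matches addresses such as 10.4.3.10.
filter f_ssh_login_attempt {
        program("sshd.*")
        and match("(Failed|Accepted)")
        and not match("Accepted (hostbased|publickey) for (root|zoneaxfr) from (10.4.3.1)");
};

# Send every matching message to the alert program.
log {
        source(src);
        filter(f_ssh_login_attempt);
        destination(mail-alert-perl);
};

# syslog-ng starts this program and writes matching messages to its stdin.
destination mail-alert-perl { program("/usr/local/bin/syslog-mail-perl"); };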

 

Sean
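
The reply above pipes matching messages to /usr/local/bin/syslog-mail-perl but does not show that script. The following is an added example, not code from the original post: a Python stand-in for such a handler that batches events so a burst of 300 attempts produces one mail rather than 300. The addresses, the five-minute window, the local MTA on localhost and all function names are assumptions.

```python
# Handler for a syslog-ng program() destination: reads log lines on stdin.
import re
import smtplib
import sys
import time
from collections import Counter
from email.message import EmailMessage

# OpenSSH: "Failed password for [invalid user ]NAME from ADDR port N ssh2"
SSHD_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) \S+ for "
                     r"(?:(?:invalid|illegal) user )?(\S+) from (\S+)")
ALERT_TO = "root@localhost"         # assumption: local alias for the admin
ALERT_FROM = "syslog-ng@localhost"  # assumption
FLUSH_SECONDS = 300                 # assumption: at most one mail per 5 minutes


def parse_line(line):
    """Return (result, user, addr), or None for lines that are not logins."""
    m = SSHD_RE.search(line)
    return m.groups() if m else None


def build_alert(events):
    """Fold a batch of parsed events into one summary mail."""
    failed = Counter(addr for res, _, addr in events if res == "Failed")
    accepted = sorted({(user, addr) for res, user, addr in events if res == "Accepted"})
    msg = EmailMessage()
    msg["From"], msg["To"] = ALERT_FROM, ALERT_TO
    msg["Subject"] = f"sshd: {sum(failed.values())} failed, {len(accepted)} accepted"
    body = [f"{n:5d} failed from {addr}" for addr, n in failed.most_common()]
    body += [f"accepted {user} from {addr}" for user, addr in accepted]
    msg.set_content("\n".join(body))
    return msg


def main():
    events, last_flush = [], time.monotonic()
    for line in sys.stdin:  # blocks; a batch is sent when the next line arrives
        parsed = parse_line(line)
        if parsed:
            events.append(parsed)
        if events and time.monotonic() - last_flush >= FLUSH_SECONDS:
            with smtplib.SMTP("localhost") as smtp:  # assumption: local MTA
                smtp.send_message(build_alert(events))
            events, last_flush = [], time.monotonic()


if __name__ == "__main__":
    main()
```

Because the loop only wakes when syslog-ng writes a line, a pending batch is mailed on the first matching message after the window expires, not on a timer.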

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 11, 2005 8:22 AM
To: [email protected]
Subject: Re: [gentoo-security] hackers

 


I have a question:

Is there an application/program which can send an email whenever this
ssh attack happens?

A few months ago I got 300 attempts, which made me close the ssh port
and stop using it for a while.

Thanks

Alfredito
 

Jochen Maes <[EMAIL PROTECTED]>
10/10/2005 05:52 AM
Please respond to: [email protected]
To: [email protected]
cc:
Subject: [gentoo-security] hackers


Hey all,


OK, on one of my servers I keep on getting one IP range that tries to
log in through ssh (200-300) attempts with other usernames.
This is probably a script that's being run all the time, but the ISP
doesn't mind; I already sent my logs and my complaints and I don't
get any response.
Is there something like hackerwatch that I can send those logs to
(preferably automatically) when happening?
I've blocked the range now so it isn't a problem, but I hate it that the ISP
does nothing against it.

greetings,

SeJo

--
"Defer no time, delays have dangerous ends"

Jochen Maes                    
Gentoo Linux
Gentoo Belgium
http://sejo.be
http://gentoo.be
http://gentoo.org
