http://www.linux-mag.com/id/7807/

By some miracle, I managed to get swatch to monitor my web log, but basically it can read any log. In my case, I gave the annoying "jorgee" infected IP addresses a three-minute lockout, which is enough to make them attack another server.

Swatch has no user group I could find, and it requires understanding regular expressions. Hence my miracle comment.

For my VPS, for which I am the only customer, I geographically block all countries that I don't plan on occupying from all email ports other than 25. I get a few hackers a week, all from the very VPS vendor I use because I don't block them.

Original Message
From: [email protected]
Sent: December 19, 2017 9:37 AM
To: [email protected]
Subject: Re: detect suspicious logins

On 12/19/17 12:01, Matthew Broadhead wrote:
> does anyone know of a linux module (maybe similar to fail2ban) that
> could be installed which would monitor email logs (sign ins) and alert
> the user to any suspicious activity on their account? i suspect it
> would need to log geo location, device type and ip address to a
> database. it seems like a module like this would be very useful and
> should exist already? thanks in advance

Sounds like you should be looking at intrusion detection systems.

--
Phil Stracchino
Babylon Communications
[email protected]
[email protected]
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
