On Mon, Jun 7, 2010 at 4:56 PM, Joseph Rotan <[email protected]> wrote: > Hi, > > here's another logs from another site: > > Jun 8 08:39:01 pfsense sshd[32290]: Invalid user emma from 125.208.2.125 > Jun 8 08:39:01 pfsense sshd[32290]: Failed password for invalid user emma > from > 125.208.2.125 port 56664 ssh2 > Jun 8 08:39:05 pfsense sshd[32293]: Invalid user emma from 125.208.2.125 > Jun 8 08:39:05 pfsense sshd[32293]: Failed password for invalid user emma > from > 125.208.2.125 port 57649 ssh2 > Jun 8 08:39:08 pfsense sshd[32295]: Invalid user emma from 125.208.2.125 > Jun 8 08:39:08 pfsense sshd[32295]: Failed password for invalid user emma > from > 125.208.2.125 port 58690 ssh2 > Jun 8 08:39:12 pfsense sshd[32298]: Invalid user olivia from 125.208.2.125 > Jun 8 08:39:12 pfsense sshd[32298]: Failed password for invalid user olivia > fro > m 125.208.2.125 port 59678 ssh2 > Jun 8 08:39:15 pfsense sshd[32370]: Invalid user olivia from 125.208.2.125 > Jun 8 08:39:15 pfsense sshd[32370]: Failed password for invalid user olivia > fro > m 125.208.2.125 port 60673 ssh2 > Jun 8 08:39:19 pfsense sshd[32382]: Invalid user olivia from 125.208.2.125 > Jun 8 08:39:19 pfsense sshd[32382]: Failed password for invalid user olivia > fro > m 125.208.2.125 port 61798 ssh2 > Jun 8 08:39:23 pfsense sshd[32384]: Invalid user madison from 125.208.2.125 > Jun 8 08:39:23 pfsense sshd[32384]: Failed password for invalid user > madison > fr > om 125.208.2.125 port 62755 ssh2 > Jun 8 08:39:26 pfsense sshd[32387]: Invalid user madison from 125.208.2.125 > Jun 8 08:39:26 pfsense sshd[32387]: Failed password for invalid user > madison > fr > om 125.208.2.125 port 63789 ssh2 > Jun 8 08:39:31 pfsense sshd[32390]: Invalid user madison from 125.208.2.125 > Jun 8 08:39:31 pfsense sshd[32390]: Failed password for invalid user > madison > fr > om 125.208.2.125 port 64785 ssh2 > > How can i block all this invalid users from attempting to access my pfsense > through SSH. >
Configure your firewall rules so SSH isn't wide open to the entire Internet, restrict it to a few authorized IPs. The system.log has what you see in the System tab under Status > System logs. The captive portal logs are in /var/log/portalauth.log. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
