HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


schmidtedv 20th September 2006 21:45

Anything I can do against illegal login-requests?
 
...
Sep 20 12:37:52 84-16-251-18 sshd[27784]: Illegal user webmaster from ::ffff:216.24.126.67
Sep 20 12:37:56 84-16-251-18 sshd[27790]: Illegal user webadmin from ::ffff:216.24.126.67
Sep 20 12:37:58 84-16-251-18 sshd[27794]: Illegal user ftpuser from ::ffff:216.24.126.67
Sep 20 12:37:59 84-16-251-18 sshd[27796]: Illegal user testuser from ::ffff:216.24.126.67
Sep 20 12:38:01 84-16-251-18 sshd[27798]: Illegal user testuser from ::ffff:216.24.126.67
Sep 20 12:38:02 84-16-251-18 sshd[27802]: Illegal user test from ::ffff:216.24.126.67
Sep 20 12:38:03 84-16-251-18 sshd[27804]: Illegal user guestuser from ::ffff:216.24.126.67
Sep 20 12:38:04 84-16-251-18 sshd[27806]: Illegal user test01 from ::ffff:216.24.126.67
Sep 20 12:38:05 84-16-251-18 sshd[27808]: Illegal user test2 from ::ffff:216.24.126.67
Sep 20 12:38:06 84-16-251-18 sshd[27810]: Illegal user test3 from ::ffff:216.24.126.67
Sep 20 12:38:08 84-16-251-18 sshd[27812]: Illegal user test4 from ::ffff:216.24.126.67
Sep 20 12:38:09 84-16-251-18 sshd[27814]: Illegal user test5 from ::ffff:216.24.126.67
Sep 20 12:38:10 84-16-251-18 sshd[27816]: Illegal user test6 from ::ffff:216.24.126.67
Sep 20 12:38:11 84-16-251-18 sshd[27818]: Illegal user test7 from ::ffff:216.24.126.67
Sep 20 12:38:12 84-16-251-18 sshd[27822]: Illegal user test8 from ::ffff:216.24.126.67
Sep 20 12:38:13 84-16-251-18 sshd[27824]: Illegal user test9 from ::ffff:216.24.126.67
Sep 20 12:38:15 84-16-251-18 sshd[27826]: Illegal user test10 from ::ffff:216.24.126.67
Sep 20 12:38:16 84-16-251-18 sshd[27828]: Illegal user user1 from ::ffff:216.24.126.67
Sep 20 12:38:17 84-16-251-18 sshd[27830]: Illegal user user2 from ::ffff:216.24.126.67
Sep 20 12:38:18 84-16-251-18 sshd[27832]: Illegal user user3 from ::ffff:216.24.126.67
Sep 20 12:38:19 84-16-251-18 sshd[27834]: Illegal user user4 from ::ffff:216.24.126.67
Sep 20 12:38:20 84-16-251-18 sshd[27836]: Illegal user user5 from ::ffff:216.24.126.67
Sep 20 12:38:22 84-16-251-18 sshd[27838]: Illegal user user6 from ::ffff:216.24.126.67
Sep 20 12:38:23 84-16-251-18 sshd[27842]: Illegal user user7 from ::ffff:216.24.126.67
Sep 20 12:38:24 84-16-251-18 sshd[27844]: Illegal user user8 from ::ffff:216.24.126.67
Sep 20 12:38:25 84-16-251-18 sshd[27846]: Illegal user user9 from ::ffff:216.24.126.67
Sep 20 12:38:26 84-16-251-18 sshd[27848]: Illegal user user10 from ::ffff:216.24.126.67
Sep 20 12:38:27 84-16-251-18 sshd[27850]: Illegal user simon from ::ffff:216.24.126.67
Sep 20 12:38:29 84-16-251-18 sshd[27852]: Illegal user david from ::ffff:216.24.126.67
Sep 20 12:38:30 84-16-251-18 sshd[27854]: Illegal user monica from ::ffff:216.24.126.67
Sep 20 12:38:31 84-16-251-18 sshd[27856]: Illegal user sql from ::ffff:216.24.126.67
Sep 20 12:38:33 84-16-251-18 sshd[27862]: Illegal user sybase from ::ffff:216.24.126.67
Sep 20 12:38:34 84-16-251-18 sshd[27864]: Illegal user informix from ::ffff:216.24.126.67
Sep 20 12:38:54 84-16-251-18 sshd[27902]: Illegal user shell from ::ffff:216.24.126.67
Sep 20 12:38:55 84-16-251-18 sshd[27904]: Illegal user noaccess from ::ffff:216.24.126.67
...

Is there a way to block sshd login requests from IP ranges other than Germany? Or something else I could do against these assh......?

sjau 20th September 2006 21:48

http://www.howtoforge.com/preventing...with_denyhosts

schmidtedv 20th September 2006 22:17

THX!

But, well...this seems not to be ok?

Code:

starting DenyHosts:    /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
Can't read: /private/var/log/system.log
[Errno 2] No such file or directory: '/private/var/log/system.log'
Error deleting DenyHosts lock file: /var/run/denyhosts.pid
[Errno 2] No such file or directory: '/var/run/denyhosts.pid'


sjau 20th September 2006 22:18

Do you use Debian?

schmidtedv 20th September 2006 22:21

...sorry, found it...it activated 2 lines in denyhosts.cfg, so it took the second one, for Mac, with the logfile instead of my Debian auth.log....changed and restarted with no errors :-)

Actually I took 2.5 which was the newest version...that's ok?

sjau 20th September 2006 22:37

What did you take 2.5?

schmidtedv 20th September 2006 22:41

denyhosts....newest stable version I found was not 2.0...2.5 was newest, so I installed this one


Anything else that might be done that quickly to increase the security with Debian 3.1 and ISPConfig 2.2.6? I already use postgrey...but that's it.

sjau 20th September 2006 22:44

Well, if you have a package manager I'd use that one... on Debian apt, on SUSE yum, on RH rpm I think, on other systems no clue...
Well, a newer version is normally better, but I just like the apt-get install on Debian and the regular apt-get update and then apt-get upgrade :)

schmidtedv 20th September 2006 22:49

I didn't know that denyhosts comes with apt-get...the tutorial only told about getting it manually with wget, so I used this way, having in mind that he did it for Debian and so he would have used apt-get if this had been possible, but next time I'll try it first with apt-get :-)

However, I'm still learning. This server is actually my first Linux experience, so I try to read first before fooling around with some stuff...so I hope I'm doing it all right (without always knowing what I do, haha)

sjau 20th September 2006 22:58

Oops, you're right... it doesn't come with apt-get :) my mistake... it's been a while since I installed it :)
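
What a log watcher does with entries like the ones in the first post, as an added example that is not part of the thread and not DenyHosts' own code: it counts sshd "Illegal user" lines per source address within a time window and produces hosts.deny entries. The threshold, window, year and all function names are assumptions chosen for illustration; the last two sample log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First three lines come from the log quoted in the thread; the last two are constructed.
SAMPLE_LOG = """\
Sep 20 12:37:52 84-16-251-18 sshd[27784]: Illegal user webmaster from ::ffff:216.24.126.67
Sep 20 12:37:56 84-16-251-18 sshd[27790]: Illegal user webadmin from ::ffff:216.24.126.67
Sep 20 12:37:58 84-16-251-18 sshd[27794]: Illegal user ftpuser from ::ffff:216.24.126.67
Sep 20 12:38:30 84-16-251-18 sshd[27854]: Illegal user monica from ::ffff:203.0.113.9
Sep 20 12:38:31 84-16-251-18 sshd[27856]: Accepted password for admin from ::ffff:198.51.100.7 port 4022 ssh2
"""

# Older OpenSSH logs "Illegal user"; newer releases log "Invalid user".
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                     r"(?:Illegal|Invalid) user (\S+) from (\S+)")

def normalize(addr):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4 so one host gets one counter."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return addr  # not an IP literal (e.g. a resolved hostname); keep as logged
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def offenders(log_text, threshold=3, window=timedelta(minutes=1), year=2006):
    """Return {ip: usernames tried} for sources with >= threshold attempts inside the window."""
    times, users, flagged = defaultdict(list), defaultdict(set), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = normalize(m.group(3))
        users[ip].add(m.group(2))
        # Sliding window: keep only attempts still within `window` of this one.
        times[ip] = [t for t in times[ip] if ts - t <= window] + [ts]
        if len(times[ip]) >= threshold:
            flagged.add(ip)
    return {ip: sorted(users[ip]) for ip in sorted(flagged)}

def hosts_deny_lines(result):
    """Format flagged sources as tcp_wrappers entries for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in result]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(offenders(SAMPLE_LOG))))
```
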


All times are GMT +2.