Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 20th September 2006, 21:45
schmidtedv schmidtedv is offline
Senior Member
 
Join Date: Jun 2006
Location: Germany, Kaarst
Posts: 152
Thanks: 3
Thanked 0 Times in 0 Posts
Send a message via MSN to schmidtedv Send a message via Skype™ to schmidtedv
Default Anything I can do against illegal login-requests?

...
Sep 20 12:37:52 84-16-251-18 sshd[27784]: Illegal user webmaster from ::ffff:216.24.126.67
Sep 20 12:37:56 84-16-251-18 sshd[27790]: Illegal user webadmin from ::ffff:216.24.126.67
Sep 20 12:37:58 84-16-251-18 sshd[27794]: Illegal user ftpuser from ::ffff:216.24.126.67
Sep 20 12:37:59 84-16-251-18 sshd[27796]: Illegal user testuser from ::ffff:216.24.126.67
Sep 20 12:38:01 84-16-251-18 sshd[27798]: Illegal user testuser from ::ffff:216.24.126.67
Sep 20 12:38:02 84-16-251-18 sshd[27802]: Illegal user test from ::ffff:216.24.126.67
Sep 20 12:38:03 84-16-251-18 sshd[27804]: Illegal user guestuser from ::ffff:216.24.126.67
Sep 20 12:38:04 84-16-251-18 sshd[27806]: Illegal user test01 from ::ffff:216.24.126.67
Sep 20 12:38:05 84-16-251-18 sshd[27808]: Illegal user test2 from ::ffff:216.24.126.67
Sep 20 12:38:06 84-16-251-18 sshd[27810]: Illegal user test3 from ::ffff:216.24.126.67
Sep 20 12:38:08 84-16-251-18 sshd[27812]: Illegal user test4 from ::ffff:216.24.126.67
Sep 20 12:38:09 84-16-251-18 sshd[27814]: Illegal user test5 from ::ffff:216.24.126.67
Sep 20 12:38:10 84-16-251-18 sshd[27816]: Illegal user test6 from ::ffff:216.24.126.67
Sep 20 12:38:11 84-16-251-18 sshd[27818]: Illegal user test7 from ::ffff:216.24.126.67
Sep 20 12:38:12 84-16-251-18 sshd[27822]: Illegal user test8 from ::ffff:216.24.126.67
Sep 20 12:38:13 84-16-251-18 sshd[27824]: Illegal user test9 from ::ffff:216.24.126.67
Sep 20 12:38:15 84-16-251-18 sshd[27826]: Illegal user test10 from ::ffff:216.24.126.67
Sep 20 12:38:16 84-16-251-18 sshd[27828]: Illegal user user1 from ::ffff:216.24.126.67
Sep 20 12:38:17 84-16-251-18 sshd[27830]: Illegal user user2 from ::ffff:216.24.126.67
Sep 20 12:38:18 84-16-251-18 sshd[27832]: Illegal user user3 from ::ffff:216.24.126.67
Sep 20 12:38:19 84-16-251-18 sshd[27834]: Illegal user user4 from ::ffff:216.24.126.67
Sep 20 12:38:20 84-16-251-18 sshd[27836]: Illegal user user5 from ::ffff:216.24.126.67
Sep 20 12:38:22 84-16-251-18 sshd[27838]: Illegal user user6 from ::ffff:216.24.126.67
Sep 20 12:38:23 84-16-251-18 sshd[27842]: Illegal user user7 from ::ffff:216.24.126.67
Sep 20 12:38:24 84-16-251-18 sshd[27844]: Illegal user user8 from ::ffff:216.24.126.67
Sep 20 12:38:25 84-16-251-18 sshd[27846]: Illegal user user9 from ::ffff:216.24.126.67
Sep 20 12:38:26 84-16-251-18 sshd[27848]: Illegal user user10 from ::ffff:216.24.126.67
Sep 20 12:38:27 84-16-251-18 sshd[27850]: Illegal user simon from ::ffff:216.24.126.67
Sep 20 12:38:29 84-16-251-18 sshd[27852]: Illegal user david from ::ffff:216.24.126.67
Sep 20 12:38:30 84-16-251-18 sshd[27854]: Illegal user monica from ::ffff:216.24.126.67
Sep 20 12:38:31 84-16-251-18 sshd[27856]: Illegal user sql from ::ffff:216.24.126.67
Sep 20 12:38:33 84-16-251-18 sshd[27862]: Illegal user sybase from ::ffff:216.24.126.67
Sep 20 12:38:34 84-16-251-18 sshd[27864]: Illegal user informix from ::ffff:216.24.126.67
Sep 20 12:38:54 84-16-251-18 sshd[27902]: Illegal user shell from ::ffff:216.24.126.67
Sep 20 12:38:55 84-16-251-18 sshd[27904]: Illegal user noaccess from ::ffff:216.24.126.67
...

Is there a way to block sshd login-requests from other ip-ranges than germany? Or something else I could do against these assh......?
Reply With Quote
Sponsored Links
  #2  
Old 20th September 2006, 21:48
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,126
Thanks: 4
Thanked 43 Times in 40 Posts
Default

http://www.howtoforge.com/preventing...with_denyhosts
Reply With Quote
  #3  
Old 20th September 2006, 22:17
schmidtedv schmidtedv is offline
Senior Member
 
Join Date: Jun 2006
Location: Germany, Kaarst
Posts: 152
Thanks: 3
Thanked 0 Times in 0 Posts
Send a message via MSN to schmidtedv Send a message via Skype™ to schmidtedv
Default

THX!

But, well...this seems not to be ok?

Code:
starting DenyHosts:    /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
Can't read: /private/var/log/system.log
[Errno 2] No such file or directory: '/private/var/log/system.log'
Error deleting DenyHosts lock file: /var/run/denyhosts.pid
[Errno 2] No such file or directory: '/var/run/denyhosts.pid'
Reply With Quote
  #4  
Old 20th September 2006, 22:18
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,126
Thanks: 4
Thanked 43 Times in 40 Posts
Default

Do use Debian?
Reply With Quote
  #5  
Old 20th September 2006, 22:21
schmidtedv schmidtedv is offline
Senior Member
 
Join Date: Jun 2006
Location: Germany, Kaarst
Posts: 152
Thanks: 3
Thanked 0 Times in 0 Posts
Send a message via MSN to schmidtedv Send a message via Skype™ to schmidtedv
Default

...sorry, found it...it activated 2 lines in denyhosts.cfg, so it took the second for mac with the logfile instead of my debian auth.log....changed and restarted with no errors :-)

Actually I took 2.5 which was the newest version...that's ok?
Reply With Quote
  #6  
Old 20th September 2006, 22:37
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,126
Thanks: 4
Thanked 43 Times in 40 Posts
Default

what did you take 2.5?
Reply With Quote
  #7  
Old 20th September 2006, 22:41
schmidtedv schmidtedv is offline
Senior Member
 
Join Date: Jun 2006
Location: Germany, Kaarst
Posts: 152
Thanks: 3
Thanked 0 Times in 0 Posts
Send a message via MSN to schmidtedv Send a message via Skype™ to schmidtedv
Default

denyhosts....newest stable version i found was not 2.0...2.5 was newest, so i installed this one


anything else that might be done that quick to higher the security with debian 3.1 and ISPConfig 2.2.6? I already use postgrey...but that's it.

Last edited by schmidtedv; 20th September 2006 at 22:43.
Reply With Quote
  #8  
Old 20th September 2006, 22:44
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,126
Thanks: 4
Thanked 43 Times in 40 Posts
Default

well, if you have a packet manager I'd use that one... on debian apt on suse yum on RH rpm I think on other systems no clue...
Well newer version is normally better but I just like the apt-get install on debian and the regular apt-get update and then apt-get upgrade
Reply With Quote
  #9  
Old 20th September 2006, 22:49
schmidtedv schmidtedv is offline
Senior Member
 
Join Date: Jun 2006
Location: Germany, Kaarst
Posts: 152
Thanks: 3
Thanked 0 Times in 0 Posts
Send a message via MSN to schmidtedv Send a message via Skype™ to schmidtedv
Default

I didn't know that denyhosts comes with apt-get...the tutorial only told about getting it manually with wget, so I used this way, having in mind that he did it for debian and so he would have used apt-get, if this would have been possible, but, next time i try it first with apt-get :-)

however, I'm still learning. This server is actually my first linux-experience, so, I try to read first before fool around with some stuff...so I hope doing it all right (without always knowing what I do, haha)
Reply With Quote
  #10  
Old 20th September 2006, 22:58
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,126
Thanks: 4
Thanked 43 Times in 40 Posts
 
Default

ups, you're right... it doesn't come with apt-get my mistake... it's been a while since I installed it
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
kann keine mails empfangen odin1 Installation/Configuration 5 6th July 2006 12:13
unable to login root in GUI Mode in Suse10 saialkesh HOWTO-Related Questions 12 2nd May 2006 09:57
Problem with POP3 Login masterkain Installation/Configuration 6 15th January 2006 18:11
authdaemon LOGIN: REJECT dgradzik Tips/Tricks/Mods 2 22nd September 2005 00:09
Total Frustration-HELP palkat Installation/Configuration 17 3rd September 2005 17:28


All times are GMT +2. The time now is 20:48.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.