SSH Brute force help.

Discussion in 'Server Operation' started by timaaarrreee, Aug 8, 2008.

  1. timaaarrreee

    timaaarrreee ISPConfig Developer ISPConfig Developer

    Hi all recently my master root password was hacked/cracked and spam was getting sent to my users through my email address. I belive this was done through SSH and i was woundering how/if i can access a log file that loggs all logons. Then i may be able to block the IP/host etc. Can i do this? I use OpenSSH btw.

    Thanks
    Tim.
     
  2. topdog

    topdog Active Member HowtoForge Supporter

    What distro are you using ? if it is redhat based the log is /var/log/secure on debian i think you should check /var/log/auth.log or /var/log/syslog
     
  3. falko

    falko Super Moderator ISPConfig Developer

    You might want to check out fail2ban or DenyHosts to stop brute-force attacks.
     

Share This Page