Re: annoying brute force attack attempt using ssh

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Scott van Looy ha scritto:
May 15 12:03:52 novak sshd[21429]: Connection from port 53465 May 15 12:03:54 novak sshd[21429]: Invalid user student from May 15 12:03:54 novak sshd[21430]: input_userauth_request: invalid user student May 15 12:03:56 novak sshd[21429]: Failed password for invalid user student from port 53465 ssh2 May 15 12:03:56 novak sshd[21430]: Received disconnect from 11: Bye Bye May 15 12:03:56 novak sshd[21431]: Connection from port 53836 May 15 12:03:57 novak sshd[21431]: Invalid user market from May 15 12:03:57 novak sshd[21432]: input_userauth_request: invalid user market May 15 12:04:00 novak sshd[21431]: Failed password for invalid user market from port 53836 ssh2 May 15 12:04:00 novak sshd[21432]: Received disconnect from 11: Bye Bye May 15 12:04:00 novak sshd[21433]: Connection from port 54204 May 15 12:04:01 novak sshd[21433]: Invalid user style from May 15 12:04:01 novak sshd[21434]: input_userauth_request: invalid user style May 15 12:04:03 novak sshd[21433]: Failed password for invalid user style from port 54204 ssh2 May 15 12:04:03 novak sshd[21434]: Received disconnect from 11: Bye Bye

Lots and lots. Around 1 every 5 seconds.

So I ran
iptables -A INPUT -s -j DROP
and was surprised to see them attacks continue
Ran iptables -L just to make sure my rule was there and it was
in the end had to use hosts.deny to block the IP

Anyone got any ideas why?
I solved everything by using the fail2ban package, so install it as usual "yum -y install fail2ban" and read
the manual, it's quite easy to configure.

fedora-list mailing list
[email protected]
To unsubscribe:

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux