[BlueOnyx:01651] Re: Slammed with Spammer
Chuck Tetlow
chuck at tetlow.net
Sat Jul 11 22:46:23 -05 2009
Sounds like a very handy tool.
I'm safe as far as SSH is concerned, I've got that port and Telnet blocked at my front-door router. But I'm sick of hacking attempts via FTP, POP3, and SMTP auth. And just as our earlier friend - I've had many instances of someone guessing passwords (usually stupid stuff like username "info" and password "info").
Besides parsing the /var/log/secure file - can you configure DenyHosts to parse /var/log/maillog and lock out those IPs guessing POP3 passwords?
Chuck
---------- Original Message -----------
From: Alan Kline <alan at snugglebunny.us>
To: BlueOnyx General Mailing List <blueonyx at blueonyx.it>
Sent: Sat, 11 Jul 2009 19:36:31 -0500
Subject: [BlueOnyx:01650] Re: Slammed with Spammer
> Paul--
>
> I've been very pleased with DenyHosts since Chris Gebhardt turned me on to it.
> It's a nice Python script. Essentially, I run it as a cron job every 10
> minutes. It scans the secure log file. When it detects a certain number of attempts to
> log in through ssh by invalid users, bad passwords, or whatever, it'll automatically
> add that IP to your hosts.deny file. It also can be set to exchange info
> with other machines running DenyHosts. You can configure the number of
> failed attempts before it acts, and set it to block ssh or all services.
>
> It doesn't catch everything--I still have to manually add the vermin who try to
> hack my website and databases--but it helps a lot.
>
> The URL is www.denyhosts.net
>
> Alan
>
> Paul wrote:
>
> > Michael/Jeff/Jim/Larry,
> >
> > Many thanks to you all - Applied the iptables and /etc/hosts.deny and
> > all has now stopped from that particular source.
> > Have also removed the "user" in question... Interestingly enough, on an
> > unused site....
>
------- End of Original Message -------
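
Added example, not part of the original thread and not DenyHosts' own code: a sketch of the threshold logic described above, applied to POP3 failures in a maillog instead of SSH failures in the secure log. The Dovecot-style log line format, the sample data, and the names `offenders` and `hosts_deny_lines` are assumptions, and it presumes the POP3 service honours hosts.deny.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data. The line format is an assumption modelled on
# Dovecot-style maillog entries; adjust the regex for the POP3 daemon in use.
SAMPLE_MAILLOG = """\
Jul 11 22:40:01 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<info>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Jul 11 22:40:03 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10
Jul 11 22:40:05 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<test>, method=PLAIN, rip=::ffff:203.0.113.7, lip=192.0.2.10
Jul 11 22:40:09 mail dovecot: pop3-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.10
Jul 11 22:41:00 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<x, rip=198.51.100.4>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.10
Jul 11 22:42:30 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<alice>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.10
"""

# The username is client-supplied, so a crafted name could contain its own
# "rip=". The greedy ".*" makes the match use the last rip= on the line,
# which is the one the server wrote.
FAILED_POP3 = re.compile(
    r"pop3-login: Aborted login \(auth failed.*\brip=(?:::ffff:)?([0-9.]+)"
)


def offenders(log_text, threshold=3, allow=frozenset()):
    """Return sorted IPv4 addresses with at least `threshold` failed logins."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED_POP3.search(line)
        if not match:
            continue
        try:
            ip = str(ipaddress.IPv4Address(match.group(1)))
        except ValueError:
            continue  # never write an unparsable value into hosts.deny
        if ip not in allow:  # allow-list keeps known-good hosts from lockout
            counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def hosts_deny_lines(ips, daemon="ALL"):
    """Format entries in hosts.deny's 'daemon_list : client_list' form."""
    return [f"{daemon}: {ip}" for ip in ips]


if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(offenders(SAMPLE_MAILLOG))))
```
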