[BlueOnyx:01651] Re: Slammed with Spammer
chuck at tetlow.net
Sat Jul 11 22:46:23 PET 2009
Sounds like a very handy tool.
I'm safe as far as SSH is concerned, I've got that port and Telnet blocked at my front-door router. But I'm sick of hacking attempts via FTP, POP3, and SMTP auth. And just as our earlier friend - I've had many instances of someone guessing passwords (usually stupid stuff like username "info" and password "info").
Besides parsing the /var/log/secure file - can you configure DenyHosts to parse /var/log/maillog and lock out those IPs guessing POP3 passwords??
---------- Original Message -----------
From: Alan Kline <alan at snugglebunny.us>
To: BlueOnyx General Mailing List <blueonyx at blueonyx.it>
Sent: Sat, 11 Jul 2009 19:36:31 -0500
Subject: [BlueOnyx:01650] Re: Slammed with Spammer
> I've been very pleased with DenyHosts since Chris Gebhardt turned me on to it.
> It's a nice Python script. Essentially, I run it as a cron job every 10
> minutes. It scans the secure log file. When it detects a certain number of attempts to
> login through ssh by invalid users, bad passwords, or whatever, it'll automatically
> add that IP to your hosts.deny file. It also can be set to exchange info
> with other machines running DenyHosts. You can configure the number of
> failed attempts before it acts, and set it to block ssh or all services.
> It doesn't catch everything--I still have to manually add the vermin who try to
> hack my website and databases--but it helps a lot.
> The URL is www.denyhosts.net
> Paul wrote:
> > Michael/Jeff/Jim/Larry,
> > Many thanks to you all - Applied the iptables and /etc/hosts.deny and
> > all has now stopped from that particular source.
> > Have also removed the "user" in question... Interestingly enough, on an
> > unused site....
> Blueonyx mailing list
> Blueonyx at blueonyx.it
------- End of Original Message -------
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Blueonyx