securing using automated host.deny

iceman42

1:30 pm on Oct 29, 2005 (gmt 0)

Found this in my secure.log files
Oct 28 21:09:16 ns sshd[11373]: Invalid user testuser from ::ffff:66.135.40.148
Oct 28 21:09:17 ns sshd[11371]: Failed password for invalid user postmaster from ::ffff:66.135.40.148 port 55558 ssh2
Oct 28 21:09:18 ns sshd[11375]: Invalid user testuser from ::ffff:66.135.40.148
Oct 28 21:09:18 ns sshd[11373]: Failed password for invalid user testuser from ::ffff:66.135.40.148 port 55607 ssh2
Oct 28 21:09:19 ns sshd[11377]: Invalid user tester from ::ffff:66.135.40.148
Oct 28 21:09:21 ns sshd[11375]: Failed password for invalid user testuser from ::ffff:66.135.40.148 port 55662 ssh2
Oct 28 21:09:21 ns sshd[11379]: Invalid user tester from ::ffff:66.135.40.148
Oct 28 21:09:22 ns sshd[11377]: Failed password for invalid user tester from ::ffff:66.135.40.148 port 55681 ssh2
Oct 28 21:09:24 ns sshd[11379]: Failed password for invalid user tester from ::ffff:66.135.40.148 port 55740 ssh2
Oct 28 21:09:26 ns sshd[11381]: Failed password for root from ::ffff:66.135.40.148 port 55756 ssh2
Oct 28 21:09:28 ns sshd[11383]: Failed password for root from ::ffff:66.135.40.148 port 55815 ssh2
Oct 28 21:09:29 ns sshd[11385]: Failed password for root from ::ffff:66.135.40.148 port 55833 ssh2
Oct 28 21:09:32 ns sshd[11387]: Failed password for root from ::ffff:66.135.40.148 port 55888 ssh2
Oct 28 21:09:33 ns sshd[11389]: Failed password for root from ::ffff:66.135.40.148 port 55936 ssh2
Oct 28 21:09:34 ns sshd[11392]: Invalid user knoppix from ::ffff:66.135.40.148
Oct 28 21:09:37 ns sshd[11392]: Failed password for invalid user knoppix from ::ffff:66.135.40.148 port 56018 ssh2
Oct 28 21:09:38 ns sshd[11391]: Failed password for root from ::ffff:66.135.40.148 port 55965 ssh2
Oct 28 21:09:39 ns sshd[11397]: Invalid user knoppix from ::ffff:66.135.40.148
Oct 28 21:09:40 ns sshd[11395]: Failed password for root from ::ffff:66.135.40.148 port 56092 ssh2
Oct 28 21:09:41 ns sshd[11400]: Invalid user design from ::ffff:66.135.40.148
Oct 28 21:09:42 ns sshd[11397]: Failed password for invalid user knoppix from ::ffff:66.135.40.148 port 56120 ssh2
Oct 28 21:09:44 ns sshd[11400]: Failed password for invalid user design from ::ffff:66.135.40.148 port 56165 ssh2
Oct 28 21:09:46 ns sshd[11402]: Failed password for root from ::ffff:66.135.40.148 port 56217 ssh2
Oct 28 21:09:46 ns sshd[11406]: Invalid user design from ::ffff:66.135.40.148
Oct 28 21:09:48 ns sshd[11404]: Failed password for root from ::ffff:66.135.40.148 port 56243 ssh2
Oct 28 21:09:48 ns sshd[11408]: Invalid user public from ::ffff:66.135.40.148
Oct 28 21:09:51 ns sshd[11408]: Failed password for invalid user public from ::ffff:66.135.40.148 port 56328 ssh2
Oct 28 21:09:54 ns sshd[11406]: Failed password for invalid user design from ::ffff:66.135.40.148 port 56299 ssh2
Oct 28 21:09:58 ns sshd[11410]: Failed password for root from ::ffff:66.135.40.148 port 56484 ssh2
Oct 28 21:09:59 ns sshd[11414]: Invalid user public from ::ffff:66.135.40.148
There's more; I just decided that this was enough fun. All the same IP address, so I added it to host.deny. Now how do I automate adding IPs to the host.deny file if, say, more than three login attempts fail?

krod

2:04 pm on Oct 29, 2005 (gmt 0)

I am sure you could cook up some code to do the trick, or search sf.net for something of the sort.
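
Added example, not part of the original thread and not any poster's code: one way to turn the secure.log format quoted above into deny entries for addresses with more than three failed passwords. It assumes sshd is built with TCP wrappers support and is matched by the daemon name `sshd`; the function names, the allow-list parameter and the sample log are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the secure.log format quoted above. The addresses are
# documentation ranges, not hosts from the thread.
SAMPLE_LOG = """\
Oct 28 21:09:17 ns sshd[11371]: Failed password for invalid user postmaster from ::ffff:192.0.2.10 port 55558 ssh2
Oct 28 21:09:18 ns sshd[11373]: Invalid user testuser from ::ffff:192.0.2.10
Oct 28 21:09:21 ns sshd[11375]: Failed password for invalid user testuser from ::ffff:192.0.2.10 port 55662 ssh2
Oct 28 21:09:26 ns sshd[11381]: Failed password for root from ::ffff:192.0.2.10 port 55756 ssh2
Oct 28 21:09:28 ns sshd[11383]: Failed password for root from ::ffff:192.0.2.10 port 55815 ssh2
Oct 28 21:10:02 ns sshd[11420]: Failed password for alice from ::ffff:198.51.100.7 port 40100 ssh2
Oct 28 21:10:05 ns sshd[11422]: Failed password for invalid user x from 203.0.113.5 port 1 ssh2 from ::ffff:198.51.100.7 port 40102 ssh2
"""

# Greedy ".*" plus the end anchor binds to the LAST "from <addr> port <n> ssh2",
# which sshd writes itself; a user name containing " from 203.0.113.5 port 1 ssh2"
# therefore cannot get an address of the client's choosing blocked.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def failures_by_ip(lines):
    """Count 'Failed password' lines per source address."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an address (e.g. a hostname): never write it out
        if addr.version == 6 and addr.ipv4_mapped:
            addr = addr.ipv4_mapped  # ::ffff:a.b.c.d -> a.b.c.d
        counts[addr] += 1
    return counts

def deny_lines(lines, threshold=3, allow=()):
    """hosts.deny entries for addresses with more than `threshold` failures."""
    allowed = {ipaddress.ip_address(a) for a in allow}
    out = []
    for addr, n in sorted(failures_by_ip(lines).items(), key=lambda kv: str(kv[0])):
        if n > threshold and addr not in allowed:
            # hosts_access(5) wants IPv6 addresses in square brackets
            out.append(f"sshd: [{addr}]" if addr.version == 6 else f"sshd: {addr}")
    return out

if __name__ == "__main__":
    print("\n".join(deny_lines(SAMPLE_LOG.splitlines())))
```

Put your own management addresses in `allow` before appending the output to the deny file, so a few mistyped passwords cannot lock you out.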

iceman42

2:41 pm on Oct 29, 2005 (gmt 0)

Will portsentry do the trick?