Gentoo Forums
Automatic Abusemailer
aztech
Tux's lil' helper
Joined: 29 Jul 2002
Posts: 130
Location: Stenungsund, Sweden

Posted: Sun Nov 23, 2008 12:51 pm    Post subject: Automatic Abusemailer

On my server I'm running fail2ban to handle all the "bruteforce" attempts on my sshd.
It's working great I think, but I was thinking ...

I'm also running Logwatch and every night I get a mail with
the last 24h's events, including all breakin attempts.

Like this ..
Code:

sshd:
   Authentication Failures:
      unknown (3w.upcc.com.tw): 18 Time(s)
      unknown (173-175-96-87.cust.blixtvik.se): 16 Time(s)
      unknown (201-016-168-017.xf-static.ctbcnetsuper.com.br): 16 Time(s)
      unknown (212.1.235.25): 16 Time(s)
      unknown (napali.ecm.ub.es): 16 Time(s)
      unknown (212.91.188.165): 14 Time(s)
......

Last night I got over 450 attempts ..

I'm also MRTG'ing this and lately it's looking like this
http://i448.photobucket.com/albums/qq207/sluttan/sshdmrtg.jpg

Ok, so I'm looking for something to extract all "hits" and compile a mail with
brief info plus all source addresses to send to my ISP's abuse mail.

Anyone know something like that?

PS.
Don't ask me to change the port on sshd, it's a non-working idea.

BR
Andreas
DawgG
l33t
Joined: 17 Sep 2003
Posts: 874

Posted: Mon Nov 24, 2008 12:39 pm

Quote:
Ok, so I'm looking for something to extract all "hits" and compile a mail with
brief info plus all source addresses to send to my ISP's abuse mail.

You could quickly hack up a little shell script to do that: grep the IPs etc. in the logs and mail the results with ssmtp or something like it.
Nice attempt, but I think it's a lot of work for nothing, really, because YOUR ISP will and can do nothing about it, and the ISPs of the attackers won't either (even though you are right and they should).

Quote:
Don't ask me to change the port on sshd, it's a non-working idea.

Why not? It's the simplest thing. And if you don't allow anonymous logins you can tell the users the port along with their username.
GOOD LUCK!
_________________
DUMM KLICKT GUT.
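An added example of the "little shell script" suggested above, written here for this thread rather than taken from any poster or from Logwatch or fail2ban: it reads raw sshd log lines (constructed sample lines below stand in for /var/log/auth.log), counts failed password logins per source address with first/last timestamps, and wraps the summary in a report body that can be piped to ssmtp or sendmail. It assumes the classic OpenSSH "Failed password for ... from IP port N ssh2" message format; the host name and abuse address are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): summarize sshd password failures from
# syslog-style auth log lines and build the body of an abuse report.
# Assumes the OpenSSH message format
#   "sshd[PID]: Failed password for [invalid user] NAME from IP port N ssh2".

# Constructed sample log lines standing in for /var/log/auth.log.
SAMPLE_LOG='Nov 23 03:12:01 srv sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Nov 23 03:12:04 srv sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Nov 23 03:12:07 srv sshd[4103]: Failed password for root from 192.0.2.10 port 51240 ssh2
Nov 23 04:01:10 srv sshd[4220]: Failed password for invalid user test from 198.51.100.7 port 40011 ssh2
Nov 23 04:01:12 srv sshd[4220]: Invalid user test from 198.51.100.7
Nov 23 05:30:00 srv sshd[4300]: Accepted publickey for andreas from 203.0.113.5 port 2222 ssh2'

# summarize_failures: read log lines on stdin and print one line per source
# address, "<count> <ip> <first_seen> <last_seen>", most active first.
# Only "Failed password" lines are counted, so the matching "Invalid user"
# line for the same attempt is not counted twice.
summarize_failures() {
    awk '
        /sshd\[[0-9]+\]: Failed password for/ {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip == "") next
            ts = $1 " " $2 " " $3
            if (!(ip in count)) first[ip] = ts
            last[ip] = ts
            count[ip]++
        }
        END {
            for (ip in count) print count[ip], ip, first[ip], last[ip]
        }
    ' | sort -k1,1nr -k2,2
}

# build_report: wrap the summary in the text an abuse desk expects
# (affected host, time zone of the timestamps, per-source evidence).
build_report() {
    host="${1:-myserver.example}"   # placeholder host name
    echo "Subject: SSH brute-force attempts against $host"
    echo ""
    echo "The following source addresses made repeated failed SSH logins"
    echo "against $host. Timestamps are from the server clock ($(date +%Z))."
    echo ""
    echo "attempts  source            first_seen       last_seen"
    summarize_failures | awk '{ printf "%-9s %-17s %s %s %s  %s %s %s\n", $1, $2, $3, $4, $5, $6, $7, $8 }'
}

# Typical use on a real box (pipe the result into ssmtp, sendmail or mail):
#   grep sshd /var/log/auth.log | build_report "$(hostname -f)" | ssmtp abuse@isp.example
printf '%s\n' "$SAMPLE_LOG" | build_report "srv.example"
```

Abuse desks generally want the time zone stated and the raw evidence lines attached, so in practice you would also append the matching log lines (for example `grep 'Failed password' /var/log/auth.log`) below the summary before mailing it.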
timeBandit
Bodhisattva
Joined: 31 Dec 2004
Posts: 2719
Location: here, there or in transit

Posted: Mon Nov 24, 2008 2:43 pm

DawgG wrote:
Quote:
Don't ask me to change the port on sshd, it's a non-working idea.
Why not? It's the simplest thing.
Consider that simplicity might not be the issue. For example, some ISPs block all but well-known ports--or so many of them that you'd grow old trying to find one that works.
_________________
Plants are pithy, brooks tend to babble--I'm content to lie between them.
Super-short f.g.o checklist: Search first, strip comments, mark solved, help others.