1 |
I have applied this and test it looks like its working better, found in |
2 |
the ubuntu forums... |
3 |
|
4 |
failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$ |
5 |
\(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$ |
6 |
\(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$ |
7 |
\(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$ |
8 |
USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$ |
9 |
|
10 |
|
11 |
|
12 |
|
13 |
Homer Parker wrote: |
14 |
> On Sun, 2009-08-02 at 13:24 +0200, mrfroasty wrote: |
15 |
> |
16 |
>> Actually we are talking about proftp deamon analysed using |
17 |
>> /var/log/auth.log. |
18 |
>> |
19 |
> |
20 |
> You can play with fail2ban-regex and see what it thinks. |
21 |
> |
22 |
> |
23 |
|
24 |
|
25 |
-- |
26 |
Extra details: |
27 |
OSS:Gentoo Linux |
28 |
profile:x86 |
29 |
Hardware:msi geforce 8600GT asus p5k-se |
30 |
location:/home/muhsin |
31 |
language(s):C/C++,VB,VHDL,bash,PHP,SQL,HTML,CSS |
32 |
Typo:40WPM |
33 |
url:http://www.mzalendo.net |