| 1 |
I have applied this and test it looks like its working better, found in |
| 2 |
the ubuntu forums... |
| 3 |
|
| 4 |
failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$ |
| 5 |
\(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$ |
| 6 |
\(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$ |
| 7 |
\(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$ |
| 8 |
USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$ |
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
Homer Parker wrote: |
| 14 |
> On Sun, 2009-08-02 at 13:24 +0200, mrfroasty wrote: |
| 15 |
> |
| 16 |
>> Actually we are talking about proftp deamon analysed using |
| 17 |
>> /var/log/auth.log. |
| 18 |
>> |
| 19 |
> |
| 20 |
> You can play with fail2ban-regex and see what it thinks. |
| 21 |
> |
| 22 |
> |
| 23 |
|
| 24 |
|
| 25 |
-- |
| 26 |
Extra details: |
| 27 |
OSS:Gentoo Linux |
| 28 |
profile:x86 |
| 29 |
Hardware:msi geforce 8600GT asus p5k-se |
| 30 |
location:/home/muhsin |
| 31 |
language(s):C/C++,VB,VHDL,bash,PHP,SQL,HTML,CSS |
| 32 |
Typo:40WPM |
| 33 |
url:http://www.mzalendo.net |
Archives