MicroChip123
14-08-2010, 12:46
Code:
Status
|- Number of jail: 2
`- Jail list: ssh-ddos, ssh
Port #####
PermitRootLogin no
X11Forwarding no
UsePAM no
UseDNS no
AllowUsers XXXXXXXXX

# Logging
SyslogFacility AUTH
LogLevel INFO
Aug 13 08:33:04 bethany sshd[2558]: Did not receive identification string from 92.46.113.188
Aug 13 08:33:52 bethany sshd[2559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.46.113.188 user=root
Aug 13 08:33:54 bethany sshd[2559]: Failed password for root from 92.46.113.188 port 43019 ssh2
Aug 13 08:34:53 bethany sshd[2604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.46.113.188 user=root
Aug 13 08:34:55 bethany sshd[2604]: Failed password for root from 92.46.113.188 port 45860 ssh2
Aug 13 08:35:28 bethany sshd[2657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.46.113.188 user=root
Aug 13 08:35:30 bethany sshd[2657]: Failed password for root from 92.46.113.188 port 49092 ssh2
Is there any way I can find the IPs and then ban them?
Aug 14 09:25:01CRON[5393]: pam_unix(cron:session): session closed for user root by (uid=0)
Aug 14 09:25:01 CRON[5392]: pam_unix(cron:session): session closed for user root
sudo iptables -I INPUT -p tcp --dport SSHportHere -i eth0 -m state --state NEW -m recent \
  --set
sudo iptables -I INPUT -p tcp --dport SSHportHere -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 6 -j DROP
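
One way to pull the offending addresses out of the sshd log and turn them into ban rules for review, as an added example that is not part of the original thread. The function names `failed_ips` and `ban_rules` are hypothetical, the sample log is constructed in the format quoted above (documentation-range addresses), and only IPv4 sources are handled.

```shell
#!/bin/sh
# Constructed sample in the same format as the sshd lines quoted above.
sample_log() {
cat <<'EOF'
Aug 13 08:33:04 host sshd[2558]: Did not receive identification string from 192.0.2.10
Aug 13 08:33:52 host sshd[2559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=root
Aug 13 08:33:54 host sshd[2559]: Failed password for root from 192.0.2.10 port 43019 ssh2
Aug 13 08:34:55 host sshd[2604]: Failed password for root from 192.0.2.10 port 45860 ssh2
Aug 13 08:35:30 host sshd[2657]: Failed password for root from 192.0.2.10 port 49092 ssh2
Aug 13 08:36:02 host sshd[2660]: Failed password for invalid user from from 198.51.100.7 port 51000 ssh2
Aug 13 08:36:40 host sshd[2671]: Accepted password for alice from 203.0.113.5 port 51822 ssh2
EOF
}

# failed_ips MIN: read auth.log lines on stdin and print "count ip" for every
# source with at least MIN "Failed password" lines, busiest first.
# The address is taken relative to the END of the line ("from IP port N ssh2"),
# because the user name earlier in the line is chosen by the remote client
# and may itself contain the word "from".
failed_ips() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" { count[$(NF-3)]++ }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -rn
}

# ban_rules PORT: read "count ip" lines and print (not execute) one iptables
# DROP rule per address, so the list can be reviewed before anything is applied.
ban_rules() {
    while read -r count ip; do
        case "$ip" in
            ""|*[!0-9.]*) continue ;;   # skip anything that is not digits and dots
        esac
        printf 'iptables -I INPUT -s %s -p tcp --dport %s -j DROP\n' "$ip" "$1"
    done
}

# Demo on the constructed sample: sources with 3 or more failures, SSH on port 22.
sample_log | failed_ips 3 | ban_rules 22
```

On a real host, feed the functions the sshd log instead of `sample_log` (on Ubuntu that is normally `/var/log/auth.log`), and check the printed rules against your own address before running them with sudo.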