2011-11-18 16:55:46 +00:00
|
|
|
#1
|
|
|
|
Jun 21 16:47:48 digital-mlhhyiqscv sshd[13709]: error: PAM: Authentication failure for myhlj1374 from 192.030.0.6
|
|
|
|
May 29 20:56:52 imago sshd[28732]: error: PAM: Authentication failure for stefanor from www.onerussian.com
|
|
|
|
|
|
|
|
#2
|
|
|
|
Feb 25 14:34:10 belka sshd[31602]: Failed password for invalid user ROOT from 194.117.26.69 port 50273 ssh2
|
|
|
|
Feb 25 14:34:10 belka sshd[31602]: Failed password for invalid user ROOT from 194.117.26.70 port 12345
|
|
|
|
|
|
|
|
#3
|
|
|
|
Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM 1.2.3.4
|
|
|
|
Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM ::ffff:1.2.3.4
|
|
|
|
|
|
|
|
#4
|
|
|
|
Jul 20 14:42:11 localhost sshd[22708]: Invalid user ftp from 211.114.51.213
|
|
|
|
|
|
|
|
|
|
|
|
#5 new filter introduced after looking at 44087D8C.9090407@bluewin.ch
|
|
|
|
Mar 3 00:17:22 [sshd] User root from 210.188.220.49 not allowed because not listed in AllowUsers
|
|
|
|
Feb 25 14:34:11 belka sshd[31607]: User root from ferrari.inescn.pt not allowed because not listed in AllowUsers
|
|
|
|
|
|
|
|
#6 ew filter introduced thanks to report Guido Bozzetto <reportbug@G-B.it>
|
|
|
|
Nov 11 23:33:27 Server sshd[5174]: refused connect from _U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@::ffff:218.249.210.161 (::ffff:218.249.210.161)
|
|
|
|
|
|
|
|
#7 added exclamation mark to BREAK-IN
|
2012-11-06 02:22:33 +00:00
|
|
|
# Now should be a negative since we decided not to catch those
|
2011-11-18 16:55:46 +00:00
|
|
|
Oct 15 19:51:35 server sshd[7592]: Address 1.2.3.4 maps to 1234.bbbbbb.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT
|
|
|
|
Oct 15 19:51:35 server sshd[7592]: Address 1.2.3.4 maps to 1234.bbbbbb.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
|
2012-04-17 00:36:53 +00:00
|
|
|
|
|
|
|
#8 DenyUsers https://github.com/fail2ban/fail2ban/issues/47
|
|
|
|
Apr 16 22:01:15 al-ribat sshd[5154]: User root from 46.45.128.3 not allowed because listed in DenyUsers
|
2012-07-31 19:53:41 +00:00
|
|
|
|
|
|
|
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648020
|
|
|
|
Nov 8 11:19:38 bar sshd[25427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.2.3.6
|