diff --git a/config/filter.d/dropbear.conf b/config/filter.d/dropbear.conf
index 54d8166b..288b0882 100644
--- a/config/filter.d/dropbear.conf
+++ b/config/filter.d/dropbear.conf
@@ -23,8 +23,8 @@ before = common.conf
 _daemon = dropbear
-failregex = ^%(__prefix_line)s[Ll]ogin attempt for nonexistent user ('.*' )?from :.*$
- ^%(__prefix_line)s[Bb]ad (PAM )?password attempt for .+ from .*$
+failregex = ^%(__prefix_line)s[Ll]ogin attempt for nonexistent user ('.*' )?from :\d+$
+ ^%(__prefix_line)s[Bb]ad (PAM )?password attempt for .+ from (:\d+)?$
 ^%(__prefix_line)s[Ee]xit before auth \(user '.+', \d+ fails\): Max auth tries reached - user '.+' from :\d+\s*$
 ignoreregex =
@@ -37,5 +37,12 @@ ignoreregex =
 #
 # The second last failregex line we need to match with the modified dropbear.
 #
+# For the second regex the following apply:
+#
+# http://www.netmite.com/android/mydroid/external/dropbear/svr-authpam.c
+# http://svn.dd-wrt.com/changeset/16642#file64
+#
+# http://svn.dd-wrt.com/changeset/16642/src/router/dropbear/svr-authpasswd.c
+#
 # Author: Francis Russell
 # Zak B. Elep
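Review bot: The two rewritten failregex patterns now end in a bare `$`, while the unchanged third pattern in the same value still ends in `\s*$`; if any dropbear build or syslog path leaves trailing whitespace on these messages, the tightened lines would silently stop matching and those failed logins would go uncounted. For consistency I would end them with `:\d+\s*$` and `(:\d+)?\s*$`. A comment above failregex would also help keep the anchors from being loosened later, for example `# the user name is attacker-controlled: keep the host anchored at end of line so it cannot be supplied from inside the name`. The host placeholder between `from ` and `:` is not visible in the page as rendered, presumably an extraction artifact, so this note assumes it is present in the file.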