Rhost

Sekcia: Konfigurácia 19.11.2010 | 10:03
Majlou   Návštevník
Zdravim vas, poslednu dobu som si v logoch vsimol nasledovne :
Samozrejme je to iba cast logu.Stale sa to opakuje a pod nim je dalsi...
Je mi jasne kdo co robi, ale ako tomu zabranim? Dakujem
deny pre ssh ale ako pre dovecot?
Nov 18 13:51:13 server dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<bedin>, method=PLAIN, rip=190.72.209.155, lip=192.168.1.2
Nov 18 13:51:16 server dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<bedin>, method=PLAIN, rip=190.72.209.155, lip=192.168.1.2
Nov 18 13:51:18 server dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<gallery>, method=PLAIN, rip=190.72.209.155, lip=192.168.1.2
Nov 18 13:51:21 server dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<xbox>, method=PLAIN, rip=190.72.209.155, lip=192.168.1.2
Nov 18 13:51:24 server dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=190.72.209.155, lip=192.168.1.2
Nov 18 13:51:27 server dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<macko>, method=PLAIN, rip=190.72.209.155, lip=192.168.1.2
Nov 18 13:51:29 server dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<kon>, method=PLAIN, rip=190.72.209.155, lip=192.168.1.2
Nov 18 13:51:32 server dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<martin>, method=PLAIN, rip=190.72.209.155, lip=192.168.1.2
Nov 18 13:51:35 server dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<tiptop>, method=PLAIN, rip=190.72.209.155, lip=192.168.1.2
Nov 18 13:51:38 server dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<laptop>, method=PLAIN, rip=190.72.209.155, lip=192.168.1.2
Nov 18 13:51:41 server dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<user2>, method=PLAIN, rip=190.72.209.155, lip=192.168.1.2
Nov 18 13:51:43 server dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<account>, method=PLAIN, rip=190.72.209.155, lip=192.168.1.2
Nov 18 13:51:46 server dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<amit>, method=PLAIN, rip=190.72.209.155, lip=192.168.1.2
Nov 18 13:51:49 server dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<internet>, method=PLAIN, rip=190.72.209.155, 
Nov 18 20:58:09 server sshd[17905]: Failed password for root from 123.30.187.11 port 46621 ssh2
Nov 18 20:58:14 server nss_wins[17907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=static.vdc.vn  user=root
Nov 18 20:58:16 server sshd[17907]: Failed password for root from 123.30.187.11 port 47055 ssh2
Nov 18 20:58:20 server nss_wins[17910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=static.vdc.vn  user=root
Nov 18 20:58:22 server sshd[17910]: Failed password for root from 123.30.187.11 port 47525 ssh2
Nov 18 20:58:27 server nss_wins[17912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=static.vdc.vn  user=root
Nov 18 20:58:30 server sshd[17912]: Failed password for root from 123.30.187.11 port 48007 ssh2
    • Re: Rhost 19.11.2010 | 10:10
      Avatar Milan Dvorský debian,mint kde,android  Administrátor
      napriklad pridat dany rozsah alebo len samotnu IP do /etc/hosts.deny
    • Re: Rhost 19.11.2010 | 10:10
      Avatar borg Arch, Debian jessie  Administrátor
      odporucam fail2ban, tiez ho pouzivam.
      • Re: Rhost 19.11.2010 | 23:37
        WlaSaTy   Návštevník
        Aj ja, a k plnej spokojnosti.

        Len jedno mi bleslo hlavou. Kedze pop3 ide ruka v ruke s SMTP, tak by som sa rad dozvedel kolko posty od neoverenych uzivatelov bolo odoslane cez ten stroj. Pridavanie do blacklistov funguje dost rychlo.