[mythtv-users] ssh attack
chris at cpr.homelinux.net
Fri Dec 30 05:39:34 EST 2005
On Fri, Dec 30, 2005 at 12:12:37AM -0500, George Nassas wrote:
> On 29-Dec-05, at 11:58 PM, Korey Fort wrote:
> >tracks log in attempts, if the
> >account/password is wrong a certain amount of times it will put it in
> >/etc/host.deny file and block them from attempting.
> That's a good idea in general but this particular fellow only tried a
> given login once. Basically root / root then mythtv / mythtv then frank
> / frank, etc...

You've missed the point. These types of packages don't look for
multiple attempts at a single user name. They simply watch the auth
logs and match failures to IPs. Once an IP has accumulated a certain
number of failures within a specified time period, that IP address is
temporarily added to a firewall table to block all further connections.
In your case, root/root is the first failure, mythtv/mythtv is the
second failure, etc.

I use fail2ban to do the same thing. It's highly configurable so you
can adjust the rules to match almost any kind of log file.
--
Joke template: Three guys walk into a bar. One of them is a wee bit
stupid, and the whole scene unfolds with a tedious inevitability.
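
The per-IP counting described in the message above, as an added example that is not part of the original post and is not fail2ban's own code. The log lines, addresses, threshold of 3 failures and 10-minute window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd auth log lines (documentation addresses, not real data).
SAMPLE_LOG = """\
Dec 29 23:10:01 myth sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 29 23:10:04 myth sshd[4103]: Failed password for invalid user mythtv from 203.0.113.7 port 40120 ssh2
Dec 29 23:10:07 myth sshd[4105]: Failed password for invalid user frank from 203.0.113.7 port 40131 ssh2
Dec 29 23:10:09 myth sshd[4107]: Failed password for chris from 198.51.100.20 port 51514 ssh2
Dec 29 23:10:10 myth sshd[4109]: Failed password for invalid user admin from 203.0.113.7 port 40140 ssh2
Dec 29 23:40:00 myth sshd[4200]: Failed password for chris from 198.51.100.20 port 51600 ssh2
Dec 29 23:40:05 myth sshd[4201]: Accepted password for chris from 198.51.100.20 port 51601 ssh2
"""

FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_bans(log_text, max_failures=3, window=timedelta(minutes=10), year=2005):
    """Return {ip: (ban_time, usernames_tried)} for IPs reaching max_failures
    within the window. Failures are keyed by source IP only; the username
    is kept for reporting but never used for counting."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, user) inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m or m["ip"] in bans:
            continue
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append((ts, m["user"]))
        while q and ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            bans[m["ip"]] = (ts, [u for _, u in q])
    return bans

if __name__ == "__main__":
    for ip, (when, users) in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when:%H:%M:%S} after failures for: {', '.join(users)}")
```

The source that tried root, mythtv and frank once each reaches the threshold on its third failure, while the address with two failures half an hour apart never does.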