Scanners
by rullzer on Mar.10, 2007, under Gentoo
So I was going through the logs on my server the other day and my auth.log (ssh) was huge. So I wondered how it had gotten so huge. So I opened it. And I saw a list of invalid logins that would not end. Apparently I was in the IP range of some scanners. Now if you have the same problem I suggest you try the program fail2ban (it is in Gentoo's Portage). It works like a charm! My /etc/hosts.deny grows steadily. However, fail2ban has the nice function to eliminate ranges of IP addresses so that you do not cut off your network (which is nice).
However I also want to use this post to send a message to the scanners. If you would like better results do not try login names like AccesDB or ntDomain!
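The idea described above (count invalid SSH logins per source address, ban repeat offenders, but exempt your own network range) looks like this in miniature. This is an added example, not fail2ban's code or the author's; the log lines, the threshold of 3 and the exempt range 192.168.1.0/24 are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the style of sshd entries in auth.log (not real data).
SAMPLE_LOG = """\
Mar 10 03:12:01 host sshd[4121]: Invalid user AccesDB from 203.0.113.7
Mar 10 03:12:03 host sshd[4123]: Invalid user ntDomain from 203.0.113.7
Mar 10 03:12:05 host sshd[4125]: Invalid user admin from 203.0.113.7
Mar 10 03:13:40 host sshd[4130]: Invalid user test from 198.51.100.23
Mar 10 03:14:02 host sshd[4133]: Invalid user backup from 192.168.1.20
Mar 10 03:14:04 host sshd[4135]: Invalid user backup from 192.168.1.20
Mar 10 03:14:06 host sshd[4137]: Invalid user backup from 192.168.1.20
Mar 10 03:15:00 host sshd[4140]: Accepted publickey for alice from 192.168.1.5 port 50022 ssh2
"""

INVALID_RE = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+)")


def parse_invalid_logins(text):
    """Return (user, ip) pairs for every 'Invalid user' line with a valid IP."""
    hits = []
    for line in text.splitlines():
        m = INVALID_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # hostname or garbage instead of an address
        hits.append((m.group(1), ip))
    return hits


def hosts_to_ban(text, max_retry=3, ignore=("192.168.1.0/24",)):
    """IPs with at least max_retry invalid logins, minus exempt ranges."""
    exempt = [ipaddress.ip_network(n) for n in ignore]
    counts = Counter(ip for _, ip in parse_invalid_logins(text))
    return sorted(
        str(ip) for ip, n in counts.items()
        if n >= max_retry and not any(ip in net for net in exempt)
    )


if __name__ == "__main__":
    for ip in hosts_to_ban(SAMPLE_LOG):
        print(f"sshd: {ip}")  # TCP wrappers hosts.deny syntax
```

With the exempt range in place, 192.168.1.20 is never listed even though it crosses the threshold, which is what keeps a mistyped login from your own network from locking you out.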






