View previous topic :: View next topic |
Author |
Message |
fwmartin n00b
Joined: 14 Jan 2005 Posts: 4
|
Posted: Sat Dec 06, 2008 6:23 pm Post subject: |
|
|
Anyone else getting distributed attempts now? I'm getting hit by many ips. Each at a rate below fail2bans threshold. |
|
Back to top |
|
|
urcindalo l33t
Joined: 08 Feb 2005 Posts: 623 Location: Almeria, Spain
|
Posted: Mon Feb 01, 2010 9:16 am Post subject: |
|
|
I was running this script with great success in the past, but I just noticed that for a long while I haven't received any more local messages on ssh attempts. Since I don't think they have stopped all of a sudden, I checked my init script and I found this out: Code: | $ sudo /etc/init.d/blacklist restart
* Staring blacklist.py ... [ !! ] |
Is anyone else having problems with this script? I miss it. |
|
Back to top |
|
|
haarp Guru
Joined: 31 Oct 2007 Posts: 535
|
Posted: Tue Feb 02, 2010 8:20 am Post subject: |
|
|
Works fine for me. Try my initscipt:
Code: | #!/sbin/runscript
# Distributed under the terms of the GNU General Public License v2
#
# Refer to forum post: http://forums.gentoo.org/viewtopic-p-3141510.html#3141510
#
# Date: 2008-05-14
# Version 0.2 by dr4cul4
# modified by haarp on 2008-07-08
# you may want to comment iptables...
depend() {
need localmount net
after bootmisc iptables
use sshd
}
start() {
ebegin "Starting blacklist"
# For some reason, start-stop-daemon fails. Luckily, blacklist itself makes lockfiles
# start-stop-daemon --start --background --quiet --pidfile /var/run/blacklist.pid --exec /usr/bin/python /usr/local/sbin/blacklist.py
/usr/bin/python /usr/local/sbin/blacklist.py &
eend $?
}
stop() {
ebegin "Stopping blacklist"
start-stop-daemon --stop --quiet --pidfile /var/run/blacklist.pid
eend $?
} |
|
|
Back to top |
|
|
urcindalo l33t
Joined: 08 Feb 2005 Posts: 623 Location: Almeria, Spain
|
Posted: Tue Feb 02, 2010 10:14 am Post subject: |
|
|
haarp wrote: | Works fine for me. Try my initscipt:
...
[ |
Thanks very much. Your script made me notice where my error was coming from: my log file had changed from /var/log/auth.log to /var/log/messages but I hadn't updated this info in my blacklist.py script.
I am using now your script even though my old one could still work. |
|
Back to top |
|
|
Shadus n00b
Joined: 27 Mar 2005 Posts: 42
|
Posted: Mon Aug 29, 2011 4:44 pm Post subject: |
|
|
I've noticed on some newer version of python this seems to crash a lot, have there been any updates to keep this as stable as it was on older versions of python? |
|
Back to top |
|
|
wolfieh n00b
Joined: 17 Nov 2009 Posts: 54
|
Posted: Thu Sep 29, 2011 5:57 pm Post subject: |
|
|
i just disable password authentication and use public key auth only |
|
Back to top |
|
|
qdii Tux's lil' helper
Joined: 19 Sep 2009 Posts: 106 Location: Madrid
|
Posted: Tue Nov 29, 2011 11:24 pm Post subject: |
|
|
link seems to be down |
|
Back to top |
|
|
|