Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[HOWTO] Get rid of SSH Brute Force Attempts / Script Kiddies
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2, 3, 4, 5, 6  
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
fwmartin
n00b
n00b


Joined: 14 Jan 2005
Posts: 4

PostPosted: Sat Dec 06, 2008 6:23 pm    Post subject: Reply with quote

Anyone else getting distributed attempts now? I'm getting hit by many ips. Each at a rate below fail2bans threshold.
Back to top
View user's profile Send private message
urcindalo
Guru
Guru


Joined: 08 Feb 2005
Posts: 553
Location: Almeria, Spain

PostPosted: Mon Feb 01, 2010 9:16 am    Post subject: Reply with quote

I was running this script with great success in the past, but I just noticed that for a long while I haven't received any more local messages on ssh attempts. Since I don't think they have stopped all of a sudden, I checked my init script and I found this out:
Code:
$ sudo /etc/init.d/blacklist restart
 * Staring blacklist.py ...                                                                                        [ !! ]


Is anyone else having problems with this script? I miss it.
Back to top
View user's profile Send private message
haarp
Guru
Guru


Joined: 31 Oct 2007
Posts: 367

PostPosted: Tue Feb 02, 2010 8:20 am    Post subject: Reply with quote

Works fine for me. Try my initscipt:

Code:
#!/sbin/runscript
# Distributed under the terms of the GNU General Public License v2
#
# Refer to forum post: http://forums.gentoo.org/viewtopic-p-3141510.html#3141510
#
# Date: 2008-05-14
# Version 0.2 by dr4cul4
# modified by haarp on 2008-07-08


# you may want to comment iptables...
depend() {
   need localmount net
   after bootmisc iptables
   use sshd
}

start() {
   ebegin "Starting blacklist"
   # For some reason, start-stop-daemon fails. Luckily, blacklist itself makes lockfiles
   # start-stop-daemon --start --background --quiet --pidfile /var/run/blacklist.pid --exec /usr/bin/python /usr/local/sbin/blacklist.py
   /usr/bin/python /usr/local/sbin/blacklist.py &
   eend $?
}

stop() {
   ebegin "Stopping blacklist"
   start-stop-daemon --stop --quiet --pidfile /var/run/blacklist.pid
   eend $?
}
Back to top
View user's profile Send private message
urcindalo
Guru
Guru


Joined: 08 Feb 2005
Posts: 553
Location: Almeria, Spain

PostPosted: Tue Feb 02, 2010 10:14 am    Post subject: Reply with quote

haarp wrote:
Works fine for me. Try my initscipt:
...
[


Thanks very much. Your script made me notice where my error was coming from: my log file had changed from /var/log/auth.log to /var/log/messages but I hadn't updated this info in my blacklist.py script.

I am using now your script :) even though my old one could still work.
Back to top
View user's profile Send private message
Shadus
n00b
n00b


Joined: 27 Mar 2005
Posts: 42

PostPosted: Mon Aug 29, 2011 4:44 pm    Post subject: Reply with quote

I've noticed on some newer version of python this seems to crash a lot, have there been any updates to keep this as stable as it was on older versions of python?
Back to top
View user's profile Send private message
wolfieh
n00b
n00b


Joined: 17 Nov 2009
Posts: 52

PostPosted: Thu Sep 29, 2011 5:57 pm    Post subject: Reply with quote

i just disable password authentication and use public key auth only
Back to top
View user's profile Send private message
qdii
Tux's lil' helper
Tux's lil' helper


Joined: 19 Sep 2009
Posts: 106
Location: Madrid

PostPosted: Tue Nov 29, 2011 11:24 pm    Post subject: Reply with quote

link seems to be down :(
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Goto page Previous  1, 2, 3, 4, 5, 6
Page 6 of 6

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum