|
HOME BlueQuartz.US Open Source Info for Open Source Users |
 Register  Memberlist Usergroups FAQ  Search
|
 Subscriptions Profile  Private messages  Log in
|
|
|
|
  |
| DFix update | |||
| Message | Author | ||
|---|---|---|---|
|
Greg Kuhnert | ||
| Over the last few days, I have noticed two events on my servers.
The first one relates to SMTP auth failures. For some reason, I was getting absolutely hammered with SMTP auth failures. I dont know why, but PAM_ABL was not kicking in on the failures. DFIX now picks up these, and blocks someone trying to attack via SMTP auth. The next was ssh attacks. We've all seen "Did not receive identification string from" messages... Denyhosts picks these up, and successfully blocks further attack. However, I've noticed that a lot of the miscreants out there keep trying to connect resulting in a truckload of "refused connect from" ssh log messages. DFIX now picks up the "refused connect from" messages, and blocks the attacker. If someone is determined, this will at least block them from getting in on another port. I've done one other minor change. There is a new log level available, and I have moved the famous non-ip target error message to this new log level. Regards, Greg. -- +---------------------------------------------------------------------+ | / \ Greg Kuhnert, gkuhnert@compassnetworks.com.au | |< o> Compass Networks - Pointing you in the right direction | | \ / Come see us for BlueQuartz / BlueOnyx modules& Support. | +---------------------------------------------------------------------+ |
|||
 |
|||
| |
All times are GMT - 5 Hours |
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum |
Powered by phpBB © 2001, 2005 phpBB Group