[SAC] trac VM in unhealthy state
Markus Neteler
neteler at osgeo.org
Thu May 23 09:24:28 PDT 2013
On Thu, May 23, 2013 at 10:16 AM, Martin Spott <Martin.Spott at mgras.net> wrote:
> On Wed, May 22, 2013 at 11:38:28PM -0700, Alex Mandel wrote:
>
>> Anyone have an opinion Fail2ban, DenyHosts or SSHGuard?
>
> As far as I can tell without checking, "denyhosts" is running on most
> of the Debian 6 VM's. If nobody complained, I suspect it's working
> properly.
I guess not:
grep 'Failed password' auth.log auth.log.1 | wc -l
3488
zgrep 'Failed password' auth.log*.gz | wc -l
7486
Many of them are identical IPs... so they are trying dictionary attacks
without being stopped by denyhosts.
Markus
More information about the Sac
mailing list