Message-ID: <4A7DE1DA.9070906@gmail.com>
Date: Sat, 08 Aug 2009 22:36:42 +0200
From: mrfroasty
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] iptables && fail2ban
In-Reply-To: <1249149991.4396.2.camel@laptop.homershut.net>

I have applied this and tested it; it looks like it's working better. Found in the Ubuntu forums...

failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$
            \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$
            \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
            \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
            USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$

Homer Parker wrote:
> On Sun, 2009-08-02 at 13:24 +0200, mrfroasty wrote:
>
>> Actually we are talking about proftp daemon analysed using
>> /var/log/auth.log.
>>
>
> You can play with fail2ban-regex and see what it thinks.
>
>

--
Extra details:
OSS:Gentoo Linux
profile:x86
Hardware:msi geforce 8600GT asus p5k-se
location:/home/muhsin
language(s):C/C++,VB,VHDL,bash,PHP,SQL,HTML,CSS
Typo:40WPM
url:http://www.mzalendo.net
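Added example (not part of the original message and not fail2ban's own code): a small Python check in the spirit of the fail2ban-regex suggestion, running the failregex lines from the message, with <HOST> inside the square brackets, against constructed auth.log lines. The <HOST> expansion is a simplified IPv4-only stand-in, and the names match_line and failures_per_host are hypothetical.

```python
import re
from collections import Counter

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> expansion.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex lines from the message, with <HOST> inside the square brackets.
FAILREGEX = [
    r"\(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[[0-9.]+\] to \S+:\S+$",
    r"\(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$",
    r"\(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$",
    r"\(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$",
    r"USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$",
]
COMPILED = [re.compile(p.replace("<HOST>", HOST_GROUP)) for p in FAILREGEX]

# Constructed auth.log lines using documentation addresses (not real traffic).
SAMPLE_LOG = """\
Aug  7 19:30:01 srv proftpd[1234]: srv (203.0.113.7[203.0.113.7]) - USER admin: no such user found from 203.0.113.7 [203.0.113.7] to 192.0.2.10:21
Aug  7 19:30:09 srv proftpd[1240]: srv (198.51.100.23[198.51.100.23]) - USER root (Login failed): Incorrect password.
Aug  7 19:30:15 srv proftpd[1240]: srv (198.51.100.23[198.51.100.23]) - Maximum login attempts (3) exceeded
Aug  7 19:31:02 srv proftpd[1251]: srv (192.0.2.55[192.0.2.55]) - USER alice: Login successful.
Aug  7 19:33:10 srv proftpd[1301]: USER guest: no such user found from 203.0.113.7 [203.0.113.7] to 192.0.2.10:21
""".splitlines()


def match_line(line):
    """Return (pattern index, source host) for the first pattern that hits, else None."""
    for index, pattern in enumerate(COMPILED):
        found = pattern.search(line)
        if found:
            return index, found.group("host")
    return None


def failures_per_host(lines):
    """Count matched failures per source address (what a ban threshold is compared to)."""
    return Counter(hit[1] for hit in map(match_line, lines) if hit)


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        # Skip the 16-character syslog timestamp when echoing the line.
        print(match_line(line), "<-", line[16:])
    print(dict(failures_per_host(SAMPLE_LOG)))
```

The successful login stays unmatched, and the last sample line, which lacks the parenthesised client prefix, is caught only by the fifth pattern.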