1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice

Automatically block attacking ips

Discussion in 'Plesk for Linux - 8.x and Older' started by ylon, Mar 24, 2005.

  1. ylon

    ylon Basic Pleskian

    23
    23%
    Joined:
    Apr 28, 2007
    Messages:
    39
    Likes Received:
    0
    I'm getting a whole lot of attacks it appears and I'd like to automatically perform an nslookup or if it is an ip add it directly to the firewall to block all incoming traffic from these attackers. What is available to allow this type of functionality?

    Here is a sample of what I've been seeing in my logs:
    Mar 24 06:57:55 domain sshd(pam_unix)[10608]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=61-218-49-243.hinet-ip.hinet.net
    Mar 24 06:57:55 domain sshd(pam_unix)[10612]: check pass; user unknown
    Mar 24 06:57:55 domain sshd(pam_unix)[10612]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
    Mar 24 06:57:58 domain sshd(pam_unix)[10619]: check pass; user unknown
    Mar 24 06:57:58 domain sshd(pam_unix)[10619]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
    Mar 24 06:57:59 domain sshd(pam_unix)[10621]: check pass; user unknown
    Mar 24 06:57:59 domain sshd(pam_unix)[10621]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
    Mar 24 06:58:01 domain sshd(pam_unix)[10623]: check pass; user unknown
    Mar 24 06:58:01 domain sshd(pam_unix)[10623]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=61-218-49-243.hinet-ip.hinet.net
    Mar 24 06:58:02 domain sshd(pam_unix)[10628]: check pass; user unknown
    Mar 24 06:58:02 domain sshd(pam_unix)[10628]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
    Mar 24 06:58:02 domain sshd(pam_unix)[10631]: check pass; user unknown
    Mar 24 06:58:02 domain sshd(pam_unix)[10631]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
    Mar 24 06:58:06 domain sshd(pam_unix)[10643]: check pass; user unknown
    Mar 24 06:58:06 domain sshd(pam_unix)[10643]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
    Mar 24 06:58:06 domain sshd(pam_unix)[10645]: check pass; user unknown
    Mar 24 06:58:06 domain sshd(pam_unix)[10645]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
    Mar 24 06:58:07 domain sshd(pam_unix)[10640]: check pass; user unknown
    Mar 24 06:58:07 domain sshd(pam_unix)[10640]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=61-218-49-243.hinet-ip.hinet.net
    Mar 24 06:58:10 domain sshd(pam_unix)[10649]: check pass; user unknown
    Mar 24 06:58:10 domain sshd(pam_unix)[10649]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
    Mar 24 06:58:10 domain sshd(pam_unix)[10650]: check pass; user unknown
    Mar 24 06:58:10 domain sshd(pam_unix)[10650]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
    Mar 24 06:58:13 domain sshd(pam_unix)[10654]: check pass; user unknown
    Mar 24 06:58:13 domain sshd(pam_unix)[10654]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=61-218-49-243.hinet-ip.hinet.net
    Mar 24 06:58:14 domain sshd(pam_unix)[10657]: check pass; user unknown
    Mar 24 06:58:14 domain sshd(pam_unix)[10657]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
    Mar 24 06:58:14 domain sshd(pam_unix)[10659]: check pass; user unknown
    Mar 24 06:58:14 domain sshd(pam_unix)[10659]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11
    Mar 24 06:58:18 domain sshd(pam_unix)[10664]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11 user=mysql
    Mar 24 06:58:18 domain sshd(pam_unix)[10666]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11 user=mysql
    Mar 24 06:58:18 domain sshd(pam_unix)[10662]: check pass; user unknown
    Mar 24 06:58:18 domain sshd(pam_unix)[10662]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=61-218-49-243.hinet-ip.hinet.net
    Mar 24 06:58:22 domain sshd(pam_unix)[10669]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11 user=operator
    Mar 24 06:58:22 domain sshd(pam_unix)[10670]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11 user=operator
    Mar 24 06:58:24 domain sshd(pam_unix)[10673]: check pass; user unknown
    Mar 24 06:58:24 domain sshd(pam_unix)[10673]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=61-218-49-243.hinet-ip.hinet.net
    Mar 24 06:58:26 domain sshd(pam_unix)[10675]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11 user=adm
    Mar 24 06:58:26 domain sshd(pam_unix)[10676]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11 user=adm
    Mar 24 06:58:30 domain sshd(pam_unix)[10682]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11 user=apache
    Mar 24 06:58:30 domain sshd(pam_unix)[10684]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=210.0.201.11 user=apache
     
  2. ylon

    ylon Basic Pleskian

    23
    23%
    Joined:
    Apr 28, 2007
    Messages:
    39
    Likes Received:
    0
    I apologize, I had not seen this answer previously that I was given to the same question some time ago:

    http://forum.sw-soft.com/showthread.php?s=&threadid=21927&highlight=attacking+ips
     
Loading...