Search found 4 matches
- 05 Jan 2013, 07:42
- Forum: General Discussion (csf)
- Topic: Receiving ssh root login alerts with no ssh root login
- Replies: 3
- Views: 6328
Re: Receiving ssh root login alerts with no ssh root login
I've seen these false positives trigger before. There is no way this was a legit root login. I logged in immediately and there was no other user logged in. With regard to disallowing "root" for obscurity - I've got the strongest password around, so if I let the entire world know that they ...
- 27 Oct 2012, 04:41
- Forum: General Discussion (csf)
- Topic: Receiving ssh root login alerts with no ssh root login
- Replies: 3
- Views: 6328
Re: Receiving ssh root login alerts with no ssh root login
Is there someplace else I should be posting or submitting this inquiry?
- 08 Oct 2012, 20:39
- Forum: General Discussion (csf)
- Topic: Receiving ssh root login alerts with no ssh root login
- Replies: 3
- Views: 6328
Receiving ssh root login alerts with no ssh root login
Hi there - My servers are setup to only allow ssh by root. These alerts work fine with actual root logins but I've also gotten a couple of alerts with no evidence of an actual ssh/root login - lfd on server.servername.com: SSH login alert for user root from 62.212.154.143 (NL/Netherlands/www.dig...
- 03 Jan 2012, 22:45
- Forum: Suggestions (csf)
- Topic: Auto-expire IP Blocks Based on specified criteria
- Replies: 1
- Views: 3038
Auto-expire IP Blocks Based on specified criteria
Hi there - Is it possible to implement something like expiring blocked IPs automatically based on user-specified criteria such as originating country? For example, I want US-based IP blocks to expire in 60 minutes and China-based IP blocks to expire in 12 hours. That would go a long way to easing th...