Search found 4 matches

by lbeachmike
05 Jan 2013, 07:42
Forum: General Discussion (csf)
Topic: Receiving ssh root login alerts with no ssh root login
Replies: 3
Views: 6328

Re: Receiving ssh root login alerts with no ssh root login

I've seen these false positives trigger before. There is no way this was a legit root login. I logged in immediately and there was no other user logged in. With regard to disallowing "root" for obscurity - I've got the strongest password around, so if I let the entire world know that they ...
by lbeachmike
27 Oct 2012, 04:41
Forum: General Discussion (csf)
Topic: Receiving ssh root login alerts with no ssh root login
Replies: 3
Views: 6328

Re: Receiving ssh root login alerts with no ssh root login

Is there someplace else I should be posting or submitting this inquiry?
by lbeachmike
08 Oct 2012, 20:39
Forum: General Discussion (csf)
Topic: Receiving ssh root login alerts with no ssh root login
Replies: 3
Views: 6328

Receiving ssh root login alerts with no ssh root login

Hi there - My servers are setup to only allow ssh by root. These alerts work fine with actual root logins but I've also gotten a couple of alerts with no evidence of an actual ssh/root login - lfd on server.servername.com​: SSH login alert for user root from 62.212.154​.143 (NL/Nether​lands/www.​dig...
by lbeachmike
03 Jan 2012, 22:45
Forum: Suggestions (csf)
Topic: Auto-expire IP Blocks Based on specified criteria
Replies: 1
Views: 3038

Auto-expire IP Blocks Based on specified criteria

Hi there - Is it possible to implement something like expiring blocked IPs automatically based on user-specified criteria such as originating country? For example, I want US-based IP blocks to expire in 60 minutes and China-based IP blocks to expire in 12 hours. That would go a long way to easing th...