CSF does not appear to be blocking certain SSHD attempts

Post Reply
aaronr79
Junior Member
Posts: 8
Joined: 07 Mar 2008, 21:25

CSF does not appear to be blocking certain SSHD attempts

Post by aaronr79 »

Hi

I have noticed quite a few SSHD login attempts appearing in Logwatch that do not appear to be getting blocked by CSF.

The log looks like this:

Code: Select all

Feb 15 14:37:01 vps1 sshd[17428]: User root from 211.141.237.36 not allowed because not listed in AllowUsers
Feb 15 14:37:01 vps1 sshd[17429]: input_userauth_request: invalid user root
Feb 15 14:37:02 vps1 sshd[17429]: Received disconnect from 211.141.237.36: 11: Bye Bye
The above IP tried probably about 100 times. For info, the above log is from CentOS 5.4.

Thanks
dvk01
Junior Member
Posts: 80
Joined: 20 Feb 2010, 18:10

Post by dvk01 »

I am getting the same problems here

I thought it was my server , but perhaps it isn't

see my topic in suggestions
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

This error in the log isn't matched by any of the regex's:

Feb 15 14:37:01 vps1 sshd[17428]: User root from 211.141.237.36 not allowed because not listed in AllowUsers

I'll add that one to the dev list.
Post Reply