ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://forum.configserver.com/

CSF does not appear to be blocking certain SSHD attempts

https://forum.configserver.com/viewtopic.php?t=3248

Page 1 of 1

CSF does not appear to be blocking certain SSHD attempts

Posted: 16 Feb 2010, 11:19
by aaronr79
Hi

I have noticed quite a few SSHD login attempts appearing in Logwatch that do not appear to be getting blocked by CSF.

The log looks like this:

Code: Select all

Feb 15 14:37:01 vps1 sshd[17428]: User root from 211.141.237.36 not allowed because not listed in AllowUsers
Feb 15 14:37:01 vps1 sshd[17429]: input_userauth_request: invalid user root
Feb 15 14:37:02 vps1 sshd[17429]: Received disconnect from 211.141.237.36: 11: Bye Bye
The above IP tried probably about 100 times. For info, the above log is from CentOS 5.4.

Thanks

Posted: 20 Feb 2010, 20:49
by dvk01
I am getting the same problems here

I thought it was my server , but perhaps it isn't

see my topic in suggestions

Posted: 26 Feb 2010, 16:53
by chirpy
This error in the log isn't matched by any of the regex's:

Feb 15 14:37:01 vps1 sshd[17428]: User root from 211.141.237.36 not allowed because not listed in AllowUsers

I'll add that one to the dev list.
All times are UTC+01:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited