
Thread: How can I shake off this guy ?

  1. #11
    Join Date
    Nov 2008
    Beans
    Hidden!

    Re: How can I shake off this guy ?

    Thanks 1clue.
    First I followed chadk5utc & Hungry Man and installed Fail2ban.
    Up to the instruction

    sudo /etc/init.d/fail2ban restart

    I was greeted with the message
    * Restarting authentication failure monitor fail2ban
    So I gave up.
    Then I followed cprofitt's advice and blocked that guy in my router's firewall.
    If that doesn't work out then I will follow yours.
    But learning is fun, despite my old age.
    Happy holidays to all.

  2. #12
    Join Date
    Oct 2007
    Beans
    338

    Re: How can I shake off this guy ?

    Check your logs to get a better idea why fail2ban is giving errors; we may be able to help you resolve them.
    Try to run it and post the complete output from the Terminal here.

    Something else you can do, if you haven't already, is reconfigure ssh to another port out of the normal range, maybe above 1029; this will also help. Then reconfigure your firewall to allow this and block the original (port 22).
    Last edited by chadk5utc; December 19th, 2012 at 07:28 PM. Reason: update

  3. #13
    Join Date
    Nov 2008
    Beans
    Hidden!

    Re: How can I shake off this guy ?

    I don't know how to "run" fail2ban, but here is the /var/log/fail2ban.log

    Code:
    2012-12-19 10:39:36,960 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
    2012-12-19 10:39:36,961 fail2ban.jail   : INFO   Creating new jail 'ssh'
    2012-12-19 10:39:36,961 fail2ban.jail   : INFO   Jail 'ssh' uses poller
    2012-12-19 10:39:36,969 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-12-19 10:39:36,969 fail2ban.filter : INFO   Set maxRetry = 6
    2012-12-19 10:39:36,970 fail2ban.filter : INFO   Set findtime = 600
    2012-12-19 10:39:36,970 fail2ban.actions: INFO   Set banTime = 600
    2012-12-19 10:39:36,991 fail2ban.jail   : INFO   Jail 'ssh' started
    2012-12-19 11:01:38,667 fail2ban.server : INFO   Stopping all jails
    2012-12-19 11:01:39,390 fail2ban.jail   : INFO   Jail 'ssh' stopped
    2012-12-19 11:01:39,390 fail2ban.server : INFO   Exiting Fail2ban
    2012-12-19 11:01:39,707 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
    2012-12-19 11:01:39,708 fail2ban.jail   : INFO   Creating new jail 'ssh'
    2012-12-19 11:01:39,709 fail2ban.jail   : INFO   Jail 'ssh' uses Gamin
    2012-12-19 11:01:39,768 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-12-19 11:01:39,768 fail2ban.filter : INFO   Set maxRetry = 6
    2012-12-19 11:01:39,768 fail2ban.filter : INFO   Set findtime = 600
    2012-12-19 11:01:39,769 fail2ban.actions: INFO   Set banTime = 86400
    2012-12-19 11:01:39,790 fail2ban.jail   : INFO   Jail 'ssh' started
    2012-12-19 11:09:27,084 fail2ban.server : INFO   Stopping all jails
    2012-12-19 11:09:27,293 fail2ban.jail   : INFO   Jail 'ssh' stopped
    2012-12-19 11:09:27,293 fail2ban.server : INFO   Exiting Fail2ban
    2012-12-19 11:09:27,609 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
    2012-12-19 11:09:27,609 fail2ban.jail   : INFO   Creating new jail 'ssh'
    2012-12-19 11:09:27,610 fail2ban.jail   : INFO   Jail 'ssh' uses Gamin
    2012-12-19 11:09:27,618 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-12-19 11:09:27,618 fail2ban.filter : INFO   Set maxRetry = 6
    2012-12-19 11:09:27,618 fail2ban.filter : INFO   Set findtime = 600
    2012-12-19 11:09:27,619 fail2ban.actions: INFO   Set banTime = 3600
    2012-12-19 11:09:27,640 fail2ban.jail   : INFO   Jail 'ssh' started
    2012-12-19 11:16:28,191 fail2ban.server : INFO   Stopping all jails
    2012-12-19 11:16:29,089 fail2ban.jail   : INFO   Jail 'ssh' stopped
    2012-12-19 11:16:29,090 fail2ban.server : INFO   Exiting Fail2ban
    2012-12-19 11:17:48,975 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
    2012-12-19 11:17:49,041 fail2ban.jail   : INFO   Creating new jail 'ssh'
    2012-12-19 11:17:49,089 fail2ban.jail   : INFO   Jail 'ssh' uses Gamin
    2012-12-19 11:17:49,550 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-12-19 11:17:49,683 fail2ban.filter : INFO   Set maxRetry = 6
    2012-12-19 11:17:49,683 fail2ban.filter : INFO   Set findtime = 600
    2012-12-19 11:17:49,683 fail2ban.actions: INFO   Set banTime = 3600
    2012-12-19 11:17:49,705 fail2ban.jail   : INFO   Jail 'ssh' started
    2012-12-19 11:33:58,296 fail2ban.server : INFO   Stopping all jails
    2012-12-19 11:33:58,822 fail2ban.jail   : INFO   Jail 'ssh' stopped
    2012-12-19 11:33:58,823 fail2ban.server : INFO   Exiting Fail2ban
    2012-12-19 11:33:59,141 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
    2012-12-19 11:33:59,141 fail2ban.jail   : INFO   Creating new jail 'ssh'
    2012-12-19 11:33:59,142 fail2ban.jail   : INFO   Jail 'ssh' uses Gamin
    2012-12-19 11:33:59,150 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-12-19 11:33:59,150 fail2ban.filter : INFO   Set maxRetry = 6
    2012-12-19 11:33:59,151 fail2ban.filter : INFO   Set findtime = 600
    2012-12-19 11:33:59,151 fail2ban.actions: INFO   Set banTime = 3600
    2012-12-19 11:33:59,172 fail2ban.jail   : INFO   Jail 'ssh' started
    2012-12-19 12:13:04,413 fail2ban.server : INFO   Stopping all jails
    2012-12-19 12:13:04,650 fail2ban.jail   : INFO   Jail 'ssh' stopped
    2012-12-19 12:13:04,650 fail2ban.server : INFO   Exiting Fail2ban
    2012-12-19 12:13:04,968 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
    2012-12-19 12:13:04,969 fail2ban.jail   : INFO   Creating new jail 'ssh'
    2012-12-19 12:13:04,969 fail2ban.jail   : INFO   Jail 'ssh' uses poller
    2012-12-19 12:13:04,998 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-12-19 12:13:04,998 fail2ban.filter : INFO   Set maxRetry = 6
    2012-12-19 12:13:04,998 fail2ban.filter : INFO   Set findtime = 600
    2012-12-19 12:13:04,999 fail2ban.actions: INFO   Set banTime = 3600
    2012-12-19 12:13:05,020 fail2ban.jail   : INFO   Jail 'ssh' started
    2012-12-19 12:16:26,448 fail2ban.server : INFO   Stopping all jails
    2012-12-19 12:16:27,242 fail2ban.jail   : INFO   Jail 'ssh' stopped
    2012-12-19 12:16:27,242 fail2ban.server : INFO   Exiting Fail2ban
    2012-12-19 12:16:27,560 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
    2012-12-19 12:16:27,560 fail2ban.jail   : INFO   Creating new jail 'ssh'
    2012-12-19 12:16:27,560 fail2ban.jail   : INFO   Jail 'ssh' uses poller
    2012-12-19 12:16:27,568 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-12-19 12:16:27,568 fail2ban.filter : INFO   Set maxRetry = 6
    2012-12-19 12:16:27,568 fail2ban.filter : INFO   Set findtime = 600
    2012-12-19 12:16:27,569 fail2ban.actions: INFO   Set banTime = 3600
    2012-12-19 12:16:27,590 fail2ban.jail   : INFO   Jail 'ssh' started
    2012-12-19 12:42:44,695 fail2ban.server : INFO   Stopping all jails
    2012-12-19 12:42:45,260 fail2ban.jail   : INFO   Jail 'ssh' stopped
    2012-12-19 12:42:45,260 fail2ban.server : INFO   Exiting Fail2ban
    2012-12-19 12:44:55,220 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
    2012-12-19 12:44:55,230 fail2ban.jail   : INFO   Creating new jail 'ssh'
    2012-12-19 12:44:55,230 fail2ban.jail   : INFO   Jail 'ssh' uses poller
    2012-12-19 12:44:55,243 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-12-19 12:44:55,286 fail2ban.filter : INFO   Set maxRetry = 6
    2012-12-19 12:44:55,287 fail2ban.filter : INFO   Set findtime = 600
    2012-12-19 12:44:55,287 fail2ban.actions: INFO   Set banTime = 3600
    2012-12-19 12:44:55,308 fail2ban.jail   : INFO   Jail 'ssh' started
    2012-12-19 13:11:35,900 fail2ban.server : INFO   Stopping all jails
    2012-12-19 13:11:36,493 fail2ban.jail   : INFO   Jail 'ssh' stopped
    2012-12-19 13:11:36,493 fail2ban.server : INFO   Exiting Fail2ban
    2012-12-19 13:11:36,810 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
    2012-12-19 13:11:36,811 fail2ban.jail   : INFO   Creating new jail 'ssh'
    2012-12-19 13:11:36,811 fail2ban.jail   : INFO   Jail 'ssh' uses poller
    2012-12-19 13:11:36,819 fail2ban.filter : INFO   Added logfile = /var/log/auth.log
    2012-12-19 13:11:36,819 fail2ban.filter : INFO   Set maxRetry = 6
    2012-12-19 13:11:36,819 fail2ban.filter : INFO   Set findtime = 600
    2012-12-19 13:11:36,820 fail2ban.actions: INFO   Set banTime = 3600
    2012-12-19 13:11:36,841 fail2ban.jail   : INFO   Jail 'ssh' started

  4. #14
    Join Date
    Mar 2009
    Beans
    1,709

    Re: How can I shake off this guy ?

    Quote Originally Posted by leclerc65
    Thanks 1clue.
    ...
    But learning is fun, despite my old age.
    Happy holidays to all.
    In that case, when you get your basic hole fixed why don't you start reading up on your system logger and exactly how it works, including writing a few entries manually just to get familiar with it?

    There's not a lot that's more important for security than good logging and a good system administrator who actually looks at them once in a while.

    Usually I assume the poster just wants to get up and going as soon as possible, but that really doesn't facilitate learning very well.

    Obviously then you might want to read up on some networking topics, linux firewalls, SOHO router firewalls, ...

    Good luck, have fun and take the time to really figure it out before you get distracted.
    Help stamp out MBR partition tables. Use GPT instead!

  5. #15
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: How can I shake off this guy ?

    BTW, if you are wanting to keep an eye on logs without digging thru them, check out logwatch (it's in the repos).
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  6. #16
    Join Date
    Oct 2007
    Beans
    338

    Re: How can I shake off this guy ?

    OK, I don't see anything in that output to indicate an issue, so try
    sudo fail2ban-client status
    Post the output. Also, here's a link that may help: check and copy the config and tune it for your system.
    https://help.ubuntu.com/community/Fail2ban
    or
    https://www.digitalocean.com/communi...n-ubuntu-12-04
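
The by-eye check of the log from post #13, as an added example that is not part of the thread: it splits a fail2ban 0.8.x log into one record per daemon start, confirms each start reached "Jail ... started" with no warning or error lines, and reports which settings changed between restarts. The function names and the final `Ban` line in the sample are assumptions made for illustration.

```python
import re

# Constructed excerpt in the format of post #13; the final Ban line is invented.
SAMPLE = """\
2012-12-19 10:39:36,960 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
2012-12-19 10:39:36,961 fail2ban.jail   : INFO   Jail 'ssh' uses poller
2012-12-19 10:39:36,970 fail2ban.filter : INFO   Set findtime = 600
2012-12-19 10:39:36,970 fail2ban.actions: INFO   Set banTime = 600
2012-12-19 10:39:36,991 fail2ban.jail   : INFO   Jail 'ssh' started
2012-12-19 11:01:39,707 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.6
2012-12-19 11:01:39,709 fail2ban.jail   : INFO   Jail 'ssh' uses Gamin
2012-12-19 11:01:39,768 fail2ban.filter : INFO   Set findtime = 600
2012-12-19 11:01:39,769 fail2ban.actions: INFO   Set banTime = 86400
2012-12-19 11:01:39,790 fail2ban.jail   : INFO   Jail 'ssh' started
2012-12-19 11:05:12,004 fail2ban.actions: WARNING [ssh] Ban 203.0.113.7
"""

LINE = re.compile(r"^(\S+ \S+),\d+ fail2ban\.(\w+)\s*: (\w+)\s+(.*)$")

def summarize(log_text):
    """Split the log into one record per daemon start and collect its state."""
    runs = []
    for raw in log_text.splitlines():
        if not (m := LINE.match(raw.strip())):
            continue
        stamp, _module, level, msg = m.groups()
        if msg.startswith("Changed logging target") or not runs:
            runs.append(dict(start=stamp, backend=None, settings={}, started=False, bans=[], problems=[]))
        run = runs[-1]
        if (hit := re.match(r"Jail '[^']+' uses (\w+)", msg)):
            run["backend"] = hit.group(1)          # log-watching backend (poller, Gamin)
        elif (hit := re.match(r"Set (\w+) = (\d+)", msg)):
            run["settings"][hit.group(1)] = int(hit.group(2))
        elif re.match(r"Jail '[^']+' started", msg):
            run["started"] = True                  # the restart completed
        elif (hit := re.match(r"\[([^\]]+)\] Ban (\S+)", msg)):
            run["bans"].append((hit.group(1), hit.group(2)))
        elif level in ("WARNING", "ERROR", "CRITICAL") and "Unban" not in msg:
            run["problems"].append(raw.strip())    # anything else above INFO needs a look
    return runs

def changed_settings(runs):
    """Settings whose value differs between restarts (e.g. an edited bantime)."""
    keys = {k for run in runs for k in run["settings"]}
    seen = {k: [r["settings"][k] for r in runs if k in r["settings"]] for k in keys}
    return {k: v for k, v in seen.items() if len(set(v)) > 1}

if __name__ == "__main__":
    print(summarize(SAMPLE), changed_settings(summarize(SAMPLE)))
```

To run it against a real log, pass the contents of /var/log/fail2ban.log to `summarize()` instead of `SAMPLE`.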

  7. #17
    Join Date
    Oct 2007
    Beans
    338

    Re: How can I shake off this guy ?

    +1 This is a great tool
    Quote Originally Posted by CharlesA
    BTW, if you are wanting to keep an eye on logs without digging thru them, check out logwatch (it's in the repos).

  8. #18
    Join Date
    Nov 2008
    Beans
    Hidden!

    Re: How can I shake off this guy ?

    Here is the output of status

    Status
    |- Number of jail: 1
    `- Jail list: ssh

  9. #19
    Join Date
    Nov 2008
    Beans
    Hidden!

    Re: How can I shake off this guy ?

    Quote Originally Posted by 1clue
    Obviously then you might want to read up on some networking topics, linux firewalls, SOHO router firewalls, ...

    Good luck, have fun and take the time to really figure it out before you get distracted.
    I try, I try...
    But at the age that when going upstairs to look for something, then forget what I am looking for, that doesn't help...

  10. #20
    Join Date
    Mar 2009
    Beans
    1,709

    Re: How can I shake off this guy ?

    Quote Originally Posted by leclerc65
    I try, I try...
    But at the age that when going upstairs to look for something, then forget what I am looking for, that doesn't help...
    Trust me. I know EXACTLY what you mean.
