10/16/2005 at 11:19AM PDT, ID: 21596779

Deny certain IP address from accessing RH9 server

Asked by smetterd in Linux Network Security

Tags: ip, deny, address

My logs show people trying to guess passwords. What's the easiest way for me to flat-out deny connections from offending IP addresses such as "218.5.2.223"?

---------------------------

 ################### LogWatch 4.3.1 (01/13/03) ####################
       Processing Initiated: Sun Oct 16 04:02:13 2005
       Date Range Processed: yesterday
     Detail Level of Output: 0
          Logfiles for Host: hosting.dallasray.com
 ################################################################

 --------------------- pam_unix Begin ------------------------

sshd:
   Invalid Users:
      Unknown Account: 87 Time(s)
   Authentication Failures:
      adm (218.5.2.223 ): 1 Time(s)
      games (218.5.2.223 ): 1 Time(s)
      news (218.5.2.223 ): 1 Time(s)
      mysql (218.5.2.223 ): 2 Time(s)
      nobody (218.5.2.223 ): 1 Time(s)
      mail (218.5.2.223 ): 1 Time(s)
      apache (218.5.2.223 ): 1 Time(s)
      rpm (218.5.2.223 ): 1 Time(s)
      unknown (218.5.2.223 ): 86 Time(s)
      operator (218.5.2.223 ): 1 Time(s)
      unknown (220.174.208.39 ): 1 Time(s)
      sshd (218.5.2.223 ): 1 Time(s)
      ftp (218.5.2.223 ): 1 Time(s)


 ---------------------- pam_unix End -------------------------


 --------------------- Connections (secure-log) Begin ------------------------


Connections:
   Service imap:
      24.227.192.2: 2 Time(s)
      127.0.0.1: 253 Time(s)

 ---------------------- Connections (secure-log) End -------------------------


 --------------------- SSHD Begin ------------------------


Failed logins from these:
   Aaliyah/password from 218.5.2.223: 1 Time(s)
   Aaron/password from 218.5.2.223: 1 Time(s)
   Aba/password from 218.5.2.223: 1 Time(s)
   Abel/password from 218.5.2.223: 1 Time(s)
   Jewel/password from 218.5.2.223: 1 Time(s)
   adam/password from 218.5.2.223: 1 Time(s)
   adm/password from 218.5.2.223: 1 Time(s)
   admin/password from 218.5.2.223: 7 Time(s)
   admins/password from 218.5.2.223: 2 Time(s)
   alan/password from 218.5.2.223: 1 Time(s)
   alex/password from 218.5.2.223: 1 Time(s)
   amanda/password from 218.5.2.223: 1 Time(s)
   andrew/password from 220.174.208.39: 1 Time(s)
   angel/password from 218.5.2.223: 1 Time(s)
   apache/password from 218.5.2.223: 1 Time(s)
   aron/password from 218.5.2.223: 1 Time(s)
   backup/password from 218.5.2.223: 1 Time(s)
   brett/password from 218.5.2.223: 1 Time(s)
   danny/password from 218.5.2.223: 1 Time(s)
   data/password from 218.5.2.223: 1 Time(s)
   david/password from 218.5.2.223: 1 Time(s)
   ftp/password from 218.5.2.223: 1 Time(s)
   games/password from 218.5.2.223: 1 Time(s)
   george/password from 218.5.2.223: 1 Time(s)
   guest/password from 218.5.2.223: 2 Time(s)
   http/password from 218.5.2.223: 1 Time(s)
   httpd/password from 218.5.2.223: 1 Time(s)
   ident/password from 218.5.2.223: 1 Time(s)
   info/password from 218.5.2.223: 2 Time(s)
   john/password from 218.5.2.223: 1 Time(s)
   library/password from 218.5.2.223: 1 Time(s)
   linux/password from 218.5.2.223: 1 Time(s)
   mail/password from 218.5.2.223: 1 Time(s)
   master/password from 218.5.2.223: 1 Time(s)
   michael/password from 218.5.2.223: 2 Time(s)
   mikael/password from 218.5.2.223: 1 Time(s)
   mike/password from 218.5.2.223: 2 Time(s)
   mysql/password from 218.5.2.223: 2 Time(s)
   news/password from 218.5.2.223: 1 Time(s)
   nobody/password from 218.5.2.223: 1 Time(s)
   operator/password from 218.5.2.223: 1 Time(s)
   oracle/password from 218.5.2.223: 1 Time(s)
   party/password from 218.5.2.223: 1 Time(s)
   paul/password from 218.5.2.223: 1 Time(s)
   pgsql/password from 218.5.2.223: 2 Time(s)
   postmaster/password from 218.5.2.223: 1 Time(s)
   resin/password from 218.5.2.223: 1 Time(s)
   richard/password from 218.5.2.223: 2 Time(s)
   robert/password from 218.5.2.223: 1 Time(s)
   root/password from 218.5.2.223: 17 Time(s)
   rpm/password from 218.5.2.223: 1 Time(s)
   sales/password from 218.5.2.223: 1 Time(s)
   sara/password from 218.5.2.223: 1 Time(s)
   search/password from 218.5.2.223: 1 Time(s)
   sgi/password from 218.5.2.223: 1 Time(s)
   sharon/password from 218.5.2.223: 1 Time(s)
   shell/password from 218.5.2.223: 1 Time(s)
   shop/password from 218.5.2.223: 1 Time(s)
   ssh/password from 218.5.2.223: 1 Time(s)
   sshd/password from 218.5.2.223: 1 Time(s)
   stephen/password from 218.5.2.223: 1 Time(s)
   steven/password from 218.5.2.223: 1 Time(s)
   sunny/password from 218.5.2.223: 1 Time(s)
   sunsun/password from 218.5.2.223: 1 Time(s)
   susan/password from 218.5.2.223: 1 Time(s)
   suva/password from 218.5.2.223: 1 Time(s)
   technicom/password from 218.5.2.223: 1 Time(s)
   test/password from 218.5.2.223: 5 Time(s)
   unix/password from 218.5.2.223: 1 Time(s)
   user/password from 218.5.2.223: 2 Time(s)
   username/password from 218.5.2.223: 2 Time(s)
   users/password from 218.5.2.223: 1 Time(s)
   web/password from 218.5.2.223: 1 Time(s)
   webadmin/password from 218.5.2.223: 1 Time(s)
   webmaster/password from 218.5.2.223: 2 Time(s)
   webpop/password from 218.5.2.223: 1 Time(s)
   www-data/password from 218.5.2.223: 1 Time(s)
   www/password from 218.5.2.223: 1 Time(s)
   wwwrun/password from 218.5.2.223: 1 Time(s)

**Unmatched Entries**
Illegal user andrew from 220.174.208.39
Illegal user admin from 218.5.2.223
Illegal user test from 218.5.2.223
Illegal user guest from 218.5.2.223
Illegal user webmaster from 218.5.2.223
Illegal user oracle from 218.5.2.223
Illegal user library from 218.5.2.223
Illegal user info from 218.5.2.223
Illegal user shell from 218.5.2.223
Illegal user linux from 218.5.2.223
Illegal user unix from 218.5.2.223
Illegal user webadmin from 218.5.2.223
Illegal user test from 218.5.2.223
Illegal user admin from 218.5.2.223
Illegal user guest from 218.5.2.223
Illegal user master from 218.5.2.223
Illegal user admin from 218.5.2.223
Illegal user admin from 218.5.2.223
Illegal user admin from 218.5.2.223
Illegal user admin from 218.5.2.223
Illegal user test from 218.5.2.223
Illegal user test from 218.5.2.223
Illegal user webmaster from 218.5.2.223
Illegal user user from 218.5.2.223
Illegal user username from 218.5.2.223
Illegal user username from 218.5.2.223
Illegal user user from 218.5.2.223
Illegal user admin from 218.5.2.223
Illegal user test from 218.5.2.223
Illegal user danny from 218.5.2.223
Illegal user sharon from 218.5.2.223
Illegal user aron from 218.5.2.223
Illegal user alex from 218.5.2.223
Illegal user brett from 218.5.2.223
Illegal user mike from 218.5.2.223
Illegal user alan from 218.5.2.223
Illegal user data from 218.5.2.223
Illegal user www-data from 218.5.2.223
Illegal user http from 218.5.2.223
Illegal user httpd from 218.5.2.223
Illegal user backup from 218.5.2.223
Illegal user info from 218.5.2.223
Illegal user shop from 218.5.2.223
Illegal user sales from 218.5.2.223
Illegal user web from 218.5.2.223
Illegal user www from 218.5.2.223
Illegal user wwwrun from 218.5.2.223
Illegal user adam from 218.5.2.223
Illegal user stephen from 218.5.2.223
Illegal user richard from 218.5.2.223
Illegal user george from 218.5.2.223
Illegal user michael from 218.5.2.223
Illegal user john from 218.5.2.223
Illegal user david from 218.5.2.223
Illegal user paul from 218.5.2.223
Illegal user angel from 218.5.2.223
Illegal user pgsql from 218.5.2.223
Illegal user pgsql from 218.5.2.223
Illegal user ident from 218.5.2.223
Illegal user resin from 218.5.2.223
Illegal user mikael from 218.5.2.223
Illegal user mike from 218.5.2.223
Illegal user suva from 218.5.2.223
Illegal user webpop from 218.5.2.223
Illegal user technicom from 218.5.2.223
Illegal user susan from 218.5.2.223
Illegal user sunsun from 218.5.2.223
Illegal user sunny from 218.5.2.223
Illegal user steven from 218.5.2.223
Illegal user ssh from 218.5.2.223
Illegal user search from 218.5.2.223
Illegal user sara from 218.5.2.223
Illegal user robert from 218.5.2.223
Illegal user richard from 218.5.2.223
Illegal user postmaster from 218.5.2.223
Illegal user party from 218.5.2.223
Illegal user michael from 218.5.2.223
Illegal user amanda from 218.5.2.223
Illegal user sgi from 218.5.2.223
Illegal user Aaliyah from 218.5.2.223
Illegal user Aaron from 218.5.2.223
Illegal user Aba from 218.5.2.223
Illegal user Abel from 218.5.2.223
Illegal user Jewel from 218.5.2.223
Illegal user users from 218.5.2.223
Illegal user admins from 218.5.2.223
Illegal user admins from 218.5.2.223

 ---------------------- SSHD End -------------------------


 ###################### LogWatch End #########################
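
Added example, not part of the original question or of any answer on this page: one way to turn a LogWatch SSHD section like the one above into a per-source tally and a list of TCP-wrappers deny entries. The function names, the threshold of 10 attempts, the allowlist and the `not-an-ip` sample line are assumptions made for illustration, and the `hosts.deny` output assumes an sshd built with TCP wrappers support.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed excerpt in the LogWatch SSHD-section format quoted in the question.
SAMPLE_REPORT = """\
Failed logins from these:
   admin/password from 218.5.2.223: 7 Time(s)
   andrew/password from 220.174.208.39: 1 Time(s)
   root/password from 218.5.2.223: 17 Time(s)
   test/password from 218.5.2.223: 5 Time(s)
   bogus/password from not-an-ip: 40 Time(s)

**Unmatched Entries**
Illegal user admin from 218.5.2.223
"""

# Only the summarised "user/method from IP: N Time(s)" lines are counted; the
# "Illegal user" lines repeat the same attempts and would double-count them.
FAILED = re.compile(r"^\s+(\S+)/\S+ from (\S+): (\d+) Time\(s\)\s*$")


def tally_failures(report):
    """Return {ip: {"attempts": int, "users": set}} for valid source IPs."""
    tally = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in report.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        user, source, count = m.groups()
        try:
            ip = str(ip_address(source))  # reject anything that is not an IP
        except ValueError:
            continue
        tally[ip]["attempts"] += int(count)
        tally[ip]["users"].add(user)
    return dict(tally)


def offenders(tally, min_attempts=10, allow=("127.0.0.1",)):
    """IPs at or above the threshold, minus addresses that must never be blocked."""
    return sorted(ip for ip, t in tally.items()
                  if t["attempts"] >= min_attempts and ip not in allow)


def hosts_deny_lines(ips, daemon="sshd"):
    """Render TCP-wrappers entries for /etc/hosts.deny (daemon: client)."""
    return [f"{daemon}: {ip}" for ip in ips]


if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(offenders(tally_failures(SAMPLE_REPORT)))))
```

Put your own management addresses in `allow` before applying any generated entry, so a mistyped password from a legitimate host cannot lock you out.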

[+][-]10/16/05 11:26 AM, ID: 15095233

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]10/16/05 11:54 AM, ID: 15095315

About this solution

Zone: Linux Network Security
Tags: ip, deny, address
Solution Provided By: ahoffmann
Participating Experts: 7
Solution Grade: A
 
 