also sprach Stefano Salvi <stefano@salvi.mn.it> [2006.05.07.0926 +0200]:
> Unfortunately Fail2Ban doesn't block the attackers on this attack, as
> the Log line doesn't contain the IP of the attacker (the IP is only
> listed if the login doesn't exist).
Sure it blocks it. That would be a pretty bad bug if it didn't. At
least version 0.6.1 does.
> However, having the attempted attack listed in LogCheck mails
> doesn't block it...I also ask is there any use however in having
> it listed?
Not really. My theory is that I don't need to know when someone
tries a password login for the root account, since password logins
are not possible anyway.
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
"when zarathustra was alone... he said to his heart: 'could it be
possible! this old saint in the forest hath not yet heard of it, that
god is dead!'"
- friedrich nietzsche
Attachment:
signature.asc
Description: Digital signature (GPG/PGP)