system is under attack (what can I do more?)

Balázs Mátéffy repcsike at
Fri Jun 18 12:31:12 UTC 2010


1, maybe the line with the rule is in a bad place in the conf, but even if
it's working it's possible that it wont be triggered. As far as I can see
there are 30 sec interval pauses between attacks from one host. Your rule is
looking for connections in 30 sec ranges.

2,You should use a program that monitors the logs, and then passes the ips
after 3 unsuccessful logins to the bruteforce table.

See bruteforceblocker, but there are a bunch of other programs for this.



More information about the freebsd-questions mailing list