|
-
Find out who's trying to break into your box
The /var/log/btmp file shows you failed logins. you can use last to read it:
Code:
last -f /var/log/btmp
or simply just use lastb
Then spice it up a little bit ...
Show the top 10 IPs with failed logins (first column is failed # of tries, then 2nd column is the IP)
Code:
lastb | awk '{print $3}' | sort | uniq -c | sort -rn | head -10
Show the top 10 usernames with failed logins
Code:
lastb | awk '{print $1}' | sort | uniq -c | sort -rn | head -10
-
The Following User Says Thank You to Rob For This Useful Post:
-
by default:
`last` uses /var/log/wtmp (shows a list of users who logged in)
`lastb` uses /var/log/btmp (shows bag login attempts)
-
-
That's quite interesting I think..CSF/WHM notifies me of failed login attempts already though.
-
-
Quite impressive terminal code there! Two months ago i noticed through my Kloxo's lxguard logs, i noticed around 200+ login failed attempts from different IP's. I could have never thought that a host not advertised a lot would attract so much intrusion.
Glad there are stuff to detect these and block them out.
-
-
Yeah its important to check for bad logins, you may look and think, oh well at least they are not getting in, but it could easily be a DDoS. Linux logs are just awesome,
-
-
 Originally Posted by scotty
Yeah its important to check for bad logins, you may look and think, oh well at least they are not getting in, but it could easily be a DDoS. Linux logs are just awesome,
I had a question in mind when you mentioned about DDoS. Do Dos deflators really works that well when it comes to such situations? There could be different kind of attacks. I've noticed that HTTP attacks from few IP's are much easier to stop than TCP.
-
-
Originally Posted by DaReaper
I had a question in mind when you mentioned about DDoS. Do Dos deflators really works that well when it comes to such situations? There could be different kind of attacks. I've noticed that HTTP attacks from few IP's are much easier to stop than TCP.
It would depend on the size of attack - I have been on the other end of such a DDoS which was huge, the deflators did not hold firm. Anyhow since I have had no such problems. So they could be working.
-
Similar Threads
-
By gcawood in forum Command Line
Replies: 6
Last Post: 11-28-2011, 01:10 PM
-
By Fred in forum Linux News
Replies: 0
Last Post: 11-01-2011, 12:30 PM
-
By gcawood in forum General Linux
Replies: 0
Last Post: 10-29-2011, 08:52 AM
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Check out Linux Central for Linux software and other goodies!
» Recent Threads
» Stats
Members: 3,574
Threads: 3,920
Posts: 9,442
Top Poster: Fred (1,486)
» Links
|
Reply With Quote
Bookmarks