|
About README/Install Download FAQ |
FAQEXTEND-MODULE: sshdprotect "sshdprotect" is an application method for "dynipdrop". I usually see the sshd scan message from /var/log/secure like: Feb 28 17:30:23 VMCentOS01 sshd[24035]: Failed password for invalid user office from 218.38.12.71 port 53979 ssh2 Feb 28 09:30:23 VMCentOS01 sshd[24036]: Received disconnect from 218.38.12.71: 11: Bye Bye Feb 28 17:30:25 VMCentOS01 sshd[24037]: Invalid user samba from 218.38.12.71The "denyhost" project [http://denyhost.sf.net] can deny these scanner-IP an un-deny it when timeout. But I like use my dynipdrop to do this, so written the "sshdprotect" client. It running in the background and check the secure log, all setting is in "sshdprotect.conf", (similar to the denyhost config file, thanks Phil Schwartz, learn from your place.) If you want to use the "sshdprotect" client, modify the "sshdprotect.conf" and run "<install-path>/sshdprotect <config-file-install-path>/sshdprotect.conf", that's running when you see the "sshdprotect worked in background" message. ABOUT THE "extern_demo" DIRECTORY Sometimes you want to send a drop-message from your applications like PHP, python, perl, ruby, java etc.. "extern_demo" directory include some "send-drop-message-package" demo, and if you want to use "daemontools", see "daemontools_run_shell" directory. Hope can give you some help. ABOUT THE "DROP-LOG" "dynipdrop" log is in the "/var/log/dynipdrop_msg.log". |
||||
| -- Go Top -- |