Psst.. new poll here.
Psst.. new forums here.
Microsoft is blocking us again (TY IP Reputation!) so dont bother with any of their useless mail servers here and just use oauth login instead. Thank the nice Russians for causing that. :)
Paste
Pasted by registered user jazz_bass ( 13 years ago )
# fail2ban-regex /var/log/sshd.log /etc/fail2ban/filter.d/sshd.conf
Running tests
=============
Use regex file : /etc/fail2ban/filter.d/sshd.conf
Use log file : /var/log/sshd.log
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: llagny-156-35-9-240.w80-14.abo.wanadoo.fr = ['80.14.120.240']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Determined IP using DNS Reverse Lookup: macbook_bass_wlan = ['172.23.8.4']
Results
=======
Failregex: 2447 total
|- #) [# of hits] regular expression
| 1) [15] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
| 3) [804] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*Failed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?\s*$
| 5) [217] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*[iI](?:llegal|nvalid) user .* from <HOST>\s*$
| 6) [592] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*User .+ from <HOST> not allowed because not listed in AllowUsers\s*$
| 8) [819] ^\s*(?:\S+ )?(?:kernel: \[\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:)?\s*(?:pam_unix\(sshd:auth\):\s)?authentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
`-
Ignoreregex: 0 total
Summary
=======
Addresses found:
[1]
80.82.83.206 (Mon Mar 18 18:00:35 2013)
80.82.83.206 (Mon Mar 18 18:00:50 2013)
80.82.83.206 (Mon Mar 18 18:01:05 2013)
80.82.83.206 (Mon Mar 18 18:01:19 2013)
80.82.83.206 (Mon Mar 18 18:01:36 2013)
172.23.8.4 (Mon Mar 18 22:51:40 2013)
172.23.8.4 (Mon Mar 18 22:51:54 2013)
172.23.8.4 (Mon Mar 18 22:52:00 2013)
172.23.8.4 (Mon Mar 18 22:52:05 2013)
172.23.8.4 (Mon Mar 18 22:52:11 2013)
172.23.8.4 (Mon Mar 18 22:52:15 2013)
172.23.8.4 (Mon Mar 18 22:52:19 2013)
172.23.8.4 (Mon Mar 18 22:52:24 2013)
172.23.8.4 (Mon Mar 18 22:52:28 2013)
172.23.8.4 (Mon Mar 18 22:52:32 2013)
[3]
61.163.113.72 (Mon Mar 18 16:18:37 2013)
61.163.113.72 (Mon Mar 18 16:59:49 2013)
61.163.113.72 (Mon Mar 18 18:23:03 2013)
80.14.120.240 (Mon Mar 18 19:03:37 2013)
80.14.120.240 (Mon Mar 18 19:03:40 2013)
80.14.120.240 (Mon Mar 18 19:03:42 2013)
80.14.120.240 (Mon Mar 18 19:03:44 2013)
80.14.120.240 (Mon Mar 18 19:03:47 2013)
80.14.120.240 (Mon Mar 18 19:03:50 2013)
80.14.120.240 (Mon Mar 18 19:03:53 2013)
80.14.120.240 (Mon Mar 18 19:03:56 2013)
80.14.120.240 (Mon Mar 18 19:03:58 2013)
80.14.120.240 (Mon Mar 18 19:04:01 2013)
80.14.120.240 (Mon Mar 18 19:04:04 2013)
80.14.120.240 (Mon Mar 18 19:04:07 2013)
80.14.120.240 (Mon Mar 18 19:04:09 2013)
61.163.113.72 (Mon Mar 18 19:05:30 2013)
61.163.113.72 (Mon Mar 18 19:46:24 2013)
61.163.113.72 (Mon Mar 18 20:27:21 2013)
61.163.113.72 (Mon Mar 18 21:07:48 2013)
60.174.198.14 (Mon Mar 18 21:46:45 2013)
60.174.198.14 (Mon Mar 18 21:46:51 2013)
60.174.198.14 (Mon Mar 18 21:46:56 2013)
60.174.198.14 (Mon Mar 18 21:47:01 2013)
60.174.198.14 (Mon Mar 18 21:47:06 2013)
61.163.113.72 (Mon Mar 18 21:47:06 2013)
60.174.198.14 (Mon Mar 18 21:47:12 2013)
60.174.198.14 (Mon Mar 18 21:47:17 2013)
60.174.198.14 (Mon Mar 18 21:47:22 2013)
60.174.198.14 (Mon Mar 18 21:47:28 2013)
60.174.198.14 (Mon Mar 18 21:47:33 2013)
60.174.198.14 (Mon Mar 18 21:47:42 2013)
60.174.198.14 (Mon Mar 18 21:47:48 2013)
60.174.198.14 (Mon Mar 18 21:47:53 2013)
60.174.198.14 (Mon Mar 18 21:47:58 2013)
60.174.198.14 (Mon Mar 18 21:48:03 2013)
60.174.198.14 (Mon Mar 18 21:48:08 2013)
60.174.198.14 (Mon Mar 18 21:48:13 2013)
60.174.198.14 (Mon Mar 18 21:48:17 2013)
60.174.198.14 (Mon Mar 18 21:48:23 2013)
60.174.198.14 (Mon Mar 18 21:48:28 2013)
60.174.198.14 (Mon Mar 18 21:48:32 2013)
60.174.198.14 (Mon Mar 18 21:48:37 2013)
60.174.198.14 (Mon Mar 18 21:48:41 2013)
60.174.198.14 (Mon Mar 18 21:48:47 2013)
60.174.198.14 (Mon Mar 18 21:48:52 2013)
60.174.198.14 (Mon Mar 18 21:48:58 2013)
60.174.198.14 (Mon Mar 18 21:49:02 2013)
60.174.198.14 (Mon Mar 18 21:49:07 2013)
60.174.198.14 (Mon Mar 18 21:49:12 2013)
60.174.198.14 (Mon Mar 18 21:49:17 2013)
60.174.198.14 (Mon Mar 18 21:49:22 2013)
60.174.198.14 (Mon Mar 18 21:49:27 2013)
60.174.198.14 (Mon Mar 18 21:49:32 2013)
60.174.198.14 (Mon Mar 18 21:49:37 2013)
60.174.198.14 (Mon Mar 18 21:49:41 2013)
60.174.198.14 (Mon Mar 18 21:49:47 2013)
60.174.198.14 (Mon Mar 18 21:49:52 2013)
60.174.198.14 (Mon Mar 18 21:49:57 2013)
60.174.198.14 (Mon Mar 18 21:50:02 2013)
94.23.113.144 (Mon Mar 18 21:59:39 2013)
94.23.113.144 (Mon Mar 18 22:31:32 2013)
94.23.113.144 (Mon Mar 18 22:31:35 2013)
94.23.113.144 (Mon Mar 18 22:31:36 2013)
172.23.8.4 (Mon Mar 18 22:51:38 2013)
172.23.8.4 (Mon Mar 18 22:51:53 2013)
172.23.8.4 (Mon Mar 18 22:51:57 2013)
172.23.8.4 (Mon Mar 18 22:52:03 2013)
172.23.8.4 (Mon Mar 18 22:52:08 2013)
172.23.8.4 (Mon Mar 18 22:52:13 2013)
172.23.8.4 (Mon Mar 18 22:52:18 2013)
172.23.8.4 (Mon Mar 18 22:52:22 2013)
172.23.8.4 (Mon Mar 18 22:52:26 2013)
172.23.8.4 (Mon Mar 18 22:52:31 2013)
Date template hits:
73197 hit(s): MONTH Day Hour:Minute:Second
Success, the total number of match is 2447
However, look at the above section 'Running tests' which could contain important
information.
Revise this Paste