I have applied this and test it looks like its working better, found in
the ubuntu forums...
failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+
\[[0-9.]+\] to \S+:\S+$
\(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect
password\.$
\(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
\(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$
Homer Parker wrote:
> On Sun, 2009-08-02 at 13:24 +0200, mrfroasty wrote:
>
>> Actually we are talking about proftp deamon analysed using
>> /var/log/auth.log.
>>
>
> You can play with fail2ban-regex and see what it thinks.
>
>
--
Extra details:
OSS:Gentoo Linux
profile:x86
Hardware:msi geforce 8600GT asus p5k-se
location:/home/muhsin
language(s):C/C++,VB,VHDL,bash,PHP,SQL,HTML,CSS
Typo:40WPM
url:http://www.mzalendo.net
