You are here: Home » Reply

Reply To: Failed Authentications

#9232

mas
Participant

And my mt-daapd.log is even by default world readable. UUUUhhh. No idea if that is because I messed with it a long time ago or if the make install installs it with the WRONG permissions. But world readable logs with cleartext passwords are not so good. Please check up on that as well.

This is by the way how ssh logs things to auth.conf:


Apr 16 20:23:57 schnecke sshd[14453]: Did not receive identification string from 61.51.17.161
(Some asshole tried to login to my ssh server with empty pw)

Apr 21 02:39:05 schnecke sshd[7249]: Failed password for invalid user admin from 208.70.255.64 port
49033 ssh2
(Some idiot trying to use a wordbook attack on the non existing user admin)



The best thing would be to log it in a very similar way than ssh does, because then my denyhosts script could immediately block such IPs as I do block all these nerds trying their pathetic ssh breakin attempts. denyhosts also has a function to share these IPs world-wide so if someone tries to breakin on my computer they get blocked world-wide by all denyhost users. 😎

My suggestion for a format to log these failed attempt would therefore be something like:
Apr 21 02:39:05 schnecke mt-daapd[3453]: Failed password for user admin from 208.70.255.64 port 3689 mt-daapd