Hello, I installed the latest version of BFD.
I got a new mail from the BFD service.
---
The remote system euid=0 was found to have exceeded acceptable login failures on "myserver"; there was 23 events to the service sshd. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.
Executed ban command:
/etc/apf/apf -d euid=0 {bfd.sshd}
The following are event logs from euid=0 on service sshd (all time stamps are GMT +0100):
Dec 6 10:44:47 server sshd[28722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.137.1.253
Dec 6 10:44:49 server sshd[28725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.137.1.253
Dec 6 10:44:52 server sshd[28735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.137.1.253
Dec 6 10:44:54 server sshd[28737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.137.1.253
Dec 6 10:44:56 server sshd[28739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.137.1.253
Dec 6 10:44:59 server sshd[28749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.137.1.253
....
....
--------
What does "/etc/apf/apf -d euid=0" mean?
Is this a bug? Or how can I get the true IPs?
Another mail (from BFD)
TRUE:
----
The remote system 209.51.143.178 was found to have exceeded acceptable login failures on "myserver"; there was 22 events to the service sshd. As such the attacking host has been banned from further accessing this system. For the integrity of your host you should investigate this event as soon as possible.
Executed ban command:
/etc/apf/apf -d 209.51.143.178 {bfd.sshd}
The following are event logs from 209.51.143.178 on service sshd (all time stamps are GMT +0100):
Dec 6 17:08:54 server sshd[19792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.51.143.178 user=root
Dec 6 17:08:55 server sshd[19792]: Failed password for root from 209.51.143.178 port 38663 ssh2
Dec 6 16:08:55 server sshd[19793]: Received disconnect from 209.51.143.178: 11: Bye Bye
Dec 6 17:08:56 server sshd[19794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.51.143.178 user=root
Dec 6 17:08:59 server sshd[19794]: Failed password for root from 209.51.143.178 port 38893 ssh2
Dec 6 16:08:59 server sshd[19795]: Received disconnect from 209.51.143.178: 11: Bye Bye
Dec 6 17:09:00 server sshd[19803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.51.143.178 user=root
...
...
-----
Please help me.
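
In the first mail the ban command received the token euid=0, while the quoted log lines carry the remote address in their rhost= field. The following is an added example, not part of the original post and not BFD's own code: it reads rhost= by name and only emits a ban command for a value that validates as an IP address. The function names, the threshold and the sample log are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the sshd lines quoted in the mails above
# (documentation-range addresses, not the ones from the post).
SAMPLE_LOG = """\
Dec 6 10:44:47 server sshd[28722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10
Dec 6 10:44:49 server sshd[28725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10
Dec 6 10:44:52 server sshd[28735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10
Dec 6 17:08:54 server sshd[19792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7 user=root
Dec 6 17:08:55 server sshd[19792]: Failed password for root from 203.0.113.7 port 38663 ssh2
Dec 6 17:09:01 server sshd[19810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host.example.net user=root
Dec 6 17:09:05 server sshd[19811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
"""

PAM_FAILURE = re.compile(r"sshd\[\d+\]: pam_unix\(sshd:auth\): authentication failure;(.*)$")


def source_ip(line):
    """Return the rhost= address of a pam_unix sshd failure line, or None."""
    m = PAM_FAILURE.search(line)
    if not m:
        return None
    # Look fields up by name, never by position: the quoted lines appear both
    # with and without a trailing user= field, so column positions are not stable.
    fields = dict(tok.split("=", 1) for tok in m.group(1).split() if "=" in tok)
    try:
        return str(ipaddress.ip_address(fields.get("rhost", "")))
    except ValueError:
        return None  # empty value, a hostname, or any other non-IP token


def ban_candidates(log_text, threshold):
    """Map each validated source IP to its failure count when count >= threshold."""
    counts = Counter(ip for ip in map(source_ip, log_text.splitlines()) if ip)
    return {ip: n for ip, n in counts.items() if n >= threshold}


def ban_commands(log_text, threshold):
    """Build ban command strings in the form shown in the mails (not executed)."""
    return ["/etc/apf/apf -d %s {bfd.sshd}" % ip
            for ip in sorted(ban_candidates(log_text, threshold))]


if __name__ == "__main__":
    for cmd in ban_commands(SAMPLE_LOG, threshold=3):  # threshold is an assumed value
        print(cmd)
```

Lines whose rhost= value is empty or a hostname produce no ban command at all, so a token such as euid=0 can never reach the firewall.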