Thank you pfSense team!



  • Thanks pfSense team! I am a long-time user and I just recently set up my first VPN on 1.2.3 using DynDNS on both endpoints. Installation and configuration was simple.

    pfSense gives me confidence over stuff like this:

    
    Jul 19 22:49:58	sshd[5979]: Invalid user list from 114.143.7.8
    Jul 19 22:49:58	sshd[5979]: Failed password for invalid user list from 114.143.7.8 port 37790 ssh2
    Jul 19 22:50:00	sshd[5990]: Invalid user eleve from 114.143.7.8
    Jul 19 22:50:00	sshd[5990]: Failed password for invalid user eleve from 114.143.7.8 port 38610 ssh2
    Jul 19 22:50:03	sshd[6007]: Failed password for proxy from 114.143.7.8 port 39404 ssh2
    Jul 19 22:50:07	sshd[6010]: Invalid user sys from 114.143.7.8
    Jul 19 22:50:07	sshd[6010]: Failed password for invalid user sys from 114.143.7.8 port 40036 ssh2
    Jul 19 22:50:09	sshd[6012]: Invalid user zzz from 114.143.7.8
    Jul 19 22:50:09	sshd[6012]: Failed password for invalid user zzz from 114.143.7.8 port 41015 ssh2
    Jul 19 22:50:12	sshd[6015]: Invalid user frank from 114.143.7.8
    Jul 19 22:50:12	sshd[6015]: Failed password for invalid user frank from 114.143.7.8 port 41501 ssh2
    Jul 19 22:50:14	sshd[6017]: Invalid user dan from 114.143.7.8
    Jul 19 22:50:14	sshd[6017]: Failed password for invalid user dan from 114.143.7.8 port 42232 ssh2
    Jul 19 22:50:18	sshd[6020]: Invalid user james from 114.143.7.8
    Jul 19 22:50:18	sshd[6020]: Failed password for invalid user james from 114.143.7.8 port 43091 ssh2
    Jul 19 22:50:20	sshd[6023]: Invalid user snort from 114.143.7.8
    Jul 19 22:50:20	sshd[6023]: Failed password for invalid user snort from 114.143.7.8 port 43652 ssh2
    Jul 19 22:50:23	sshd[6025]: Invalid user radiomail from 114.143.7.8
    Jul 19 22:50:23	sshd[6025]: Failed password for invalid user radiomail from 114.143.7.8 port 44389 ssh2
    Jul 19 22:50:26	sshd[6028]: Invalid user harrypotter from 114.143.7.8
    Jul 19 22:50:26	sshd[6028]: Failed password for invalid user harrypotter from 114.143.7.8 port 45007 ssh2
    Jul 19 22:50:28	sshd[6030]: Invalid user divine from 114.143.7.8
    Jul 19 22:50:28	sshd[6030]: Failed password for invalid user divine from 114.143.7.8 port 45680 ssh2
    Jul 19 22:50:31	sshd[6033]: Invalid user popa3d from 114.143.7.8
    Jul 19 22:50:31	sshd[6033]: Failed password for invalid user popa3d from 114.143.7.8 port 46319 ssh2
    Jul 19 22:50:33	sshd[6035]: Invalid user aptproxy from 114.143.7.8
    Jul 19 22:50:33	sshd[6035]: Failed password for invalid user aptproxy from 114.143.7.8 port 47022 ssh2
    Jul 19 22:50:37	sshd[6038]: Invalid user desktop from 114.143.7.8
    Jul 19 22:50:37	sshd[6038]: Failed password for invalid user desktop from 114.143.7.8 port 47572 ssh2
    Jul 19 22:50:39	sshd[6040]: Invalid user workshop from 114.143.7.8
    Jul 19 22:50:39	sshd[6040]: Failed password for invalid user workshop from 114.143.7.8 port 48439 ssh2
    Jul 19 22:50:42	sshd[6043]: Failed password for mailnull from 114.143.7.8 port 49008 ssh2
    Jul 19 22:50:45	sshd[6045]: Invalid user nfsnobody from 114.143.7.8
    Jul 19 22:50:45	sshd[6045]: Failed password for invalid user nfsnobody from 114.143.7.8 port 49793 ssh2
    Jul 19 22:50:47	sshd[6048]: Invalid user rpcuser from 114.143.7.8
    Jul 19 22:50:47	sshd[6048]: Failed password for invalid user rpcuser from 114.143.7.8 port 50582 ssh2
    Jul 19 22:50:50	sshd[6050]: Invalid user rpc from 114.143.7.8
    Jul 19 22:50:50	sshd[6050]: Failed password for invalid user rpc from 114.143.7.8 port 51062 ssh2
    Jul 19 22:50:52	sshd[6054]: Invalid user gopher from 114.143.7.8
    Jul 19 22:50:52	sshd[6054]: Failed password for invalid user gopher from 114.143.7.8 port 51833 ssh2
    
    


  • @ghetek:

    Thanks pfSense team! I am a long-time user and I just recently set up my first VPN on 1.2.3 using DynDNS on both endpoints. Installation and configuration was simple.

    pfSense gives me confidence over stuff like this:

    
    
    

    In regards to the above, can pfSense automatically ignore requests from certain IPs based on, let's say, 10 authentication failures, as you can set in Webmin for Linux? As in an automated black-list functionality?



  • Mcrane is putting together a denyhosts package here soon. If you want to block these bad guys now and install Denyhosts you can follow my numbered steps on the denyhosts package bounty.

    Depending on your denyhosts settings you will be able to permanently block these addresses and also get IP blacklists from a central denyhosts server that tracks all bad IPs just like this one.
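
The threshold-based blacklist asked about in this thread, as an added example that is not part of any post and is not DenyHosts or pfSense code: it counts only the `Failed password` lines (each attempt for an unknown account also logs an `Invalid user` line) and flags a source at 10 failures. The 5-minute window, the allow list, the function names and the sample lines (constructed, using documentation addresses) are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Greedy user name plus end-of-line anchor: a login name that itself contains
# " from 192.0.2.1 port 22 ssh2" cannot spoof the source address.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$")

def offenders(lines, threshold=10, window=timedelta(minutes=5), allow=()):
    """Return {ip: time the threshold was reached} for sources to block."""
    recent = defaultdict(deque)      # ip -> failure times inside the window
    blocked = {}
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:                    # "Invalid user" lines repeat the same attempt
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))
        except ValueError:
            continue
        if ip in allow or ip in blocked:
            continue
        # syslog omits the year; a fixed leap year is assumed for parsing
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:    # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            blocked[ip] = ts
    return blocked

def sample_log():
    """Constructed lines in the format of the log quoted in the thread."""
    out = []
    for i in range(12):              # slow source: one failure every 10 minutes
        out.append(f"Jul 19 {20 + i // 6}:{i % 6 * 10:02d}:00\tsshd[{5000 + i}]: "
                   f"Failed password for root from 198.51.100.20 port {30000 + i} ssh2")
    for i in range(12):              # fast source: one attempt every 3 seconds
        t, pid = f"Jul 19 22:50:{i * 3:02d}", 6000 + i
        out.append(f"{t}\tsshd[{pid}]: Invalid user u{i} from 203.0.113.7")
        out.append(f"{t}\tsshd[{pid}]: Failed password for invalid user u{i} "
                   f"from 203.0.113.7 port {40000 + i} ssh2")
    return out

if __name__ == "__main__":
    for ip, when in offenders(sample_log()).items():
        print(f"block {ip} (threshold reached {when:%b %d %H:%M:%S})")
```

Passing your own management addresses in `allow` keeps a few mistyped passwords from locking you out of the firewall.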

