Fail2Ban – its working.

Fail2Ban incomming!

I just caught a rackspace host ssh’ing!

Hi,

The IP 5.79.6.226 has just been banned by Fail2Ban after
3 attempts against ssh.

Here are more information about 5.79.6.226:

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the “-B” flag.

% Information related to ‘5.79.0.0 – 5.79.7.255’

% Abuse contact for ‘5.79.0.0 – 5.79.7.255’ is ‘[email protected]

inetnum:        5.79.0.0 – 5.79.7.255
netname:        RSPC-UK-Rackspace-Cloud-Servers
descr:          Rackspace Cloud Servers IP Space
country:        GB
admin-c:        IA247-RIPE
tech-c:         IA247-RIPE
status:         ASSIGNED PA
mnt-by:         RSPC-MNT
remarks:        INFRA-AW
source:         RIPE # Filtered

person:         IP Admin
address:        Rackspace Hosting 5000 Walzem, San Antonio, Texas 78218
phone:          +1 210 312 4000
fax-no:         +1 210 312 4000
nic-hdl:        IA247-RIPE
remarks:        ###  Rackspace Abuse Department
remarks:        ###  Please send any complaints to the following:
remarks:        ###  [email protected]
mnt-by:         RSPC-MNT
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.72 (DBC-WHOIS1)

Regards,

Fail2Ban

Loggly search result
loggly – Rackspace IP caught trying to root me!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.