Choon Simple Intrusion Detection System (CSIDS) for WHM/cPanel Linux Servers


choon
08-04-2005, 06:29 PM
Dear valued CHOON.NET managed customers,

I am proud to announce that the following are included in your WHM/cPanel Linux Servers that are managed by me:


SSH Brute-force Protection, Email Blocking & Unblocking Alert
POP3 Brute-force Protection, Email Blocking & Unblocking Alert
FTP Brute-force Protection, Email Blocking & Unblocking Alert
SMTP Incoming Viruses Protection, Email Blocking & Unblocking Alert
HTTP INVALID PACKET Flood Protection, Email Blocking & Unblocking Alert
cPanel Brute-force Protection, Email Blocking & Unblocking Alert
WHM Brute-force Protection, Email Blocking & Unblocking Alert
WebMail Brute-force Protection, Email Blocking & Unblocking Alert


Please note that cPanel/WHM/WebMail via SSL, which uses stunnel, is not protected because the login log will show the IP as 127.0.0.1, which is localhost. It will therefore be better that you ask me to disable it after you have updated/informed all your clients.

If you have any questions regarding the above, you are free to ask in the private forum allocated to you.

Thanks.

Kindest regards,

choon
08-06-2005, 03:49 AM
See snapshot ;)

Sample Email Alert:
Subject: Block Alert! 203.186.114.26 Port 22 - HOSTNAME
This is an alert from HOSTNAME Choon Simple Intrusion Detection System!

The IP address 203.186.114.26 has been blocked to reach your server
TCP PORT 22 by the firewall due to it is making over 5
attempts within 86400 seconds.

The block for this IP address will be lifted after 86400 seconds.

The detected log from this particular IP address as below for your
reference:
---------------------------------------------------------------------
Aug 6 03:31:48 HOSTNAME sshd[5215]: Failed password for root from 203.186.114.26 port 59767 ssh2
Aug 6 03:31:48 HOSTNAME sshd[5216]: Failed password for root from 203.186.114.26 port 60267 ssh2
Aug 6 03:31:50 HOSTNAME sshd[5220]: Failed password for root from 203.186.114.26 port 59429 ssh2
Aug 6 03:31:51 HOSTNAME sshd[5222]: Failed password for root from 203.186.114.26 port 62407 ssh2
Aug 6 03:31:51 HOSTNAME sshd[5223]: Failed password for root from 203.186.114.26 port 60009 ssh2
Aug 6 03:31:53 HOSTNAME sshd[5273]: Failed password for root from 203.186.114.26 port 60975 ssh2
Aug 6 03:31:54 HOSTNAME sshd[5275]: Failed password for root from 203.186.114.26 port 64533 ssh2
Aug 6 03:31:57 HOSTNAME sshd[5279]: Failed password for root from 203.186.114.26 port 60331 ssh2
Aug 6 03:31:58 HOSTNAME sshd[5317]: Failed password for root from 203.186.114.26 port 64923 ssh2
Aug 6 03:31:58 HOSTNAME sshd[5318]: Failed password for root from 203.186.114.26 port 60495 ssh2
---------------------------------------------------------------------
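
The threshold stated in the sample alert (over 5 attempts within 86400 seconds, block lifted after 86400 seconds), written out as an added Python example; it is not CSIDS code, which the thread does not show. The `detect` function, the regex, the line-by-line evaluation and the loopback guard (reflecting the stunnel note about logins logged as 127.0.0.1) are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_ATTEMPTS = 5                       # alert text: "over 5 attempts"
WINDOW = timedelta(seconds=86400)      # alert text: "within 86400 seconds"
BLOCK_FOR = timedelta(seconds=86400)   # alert text: lifted after 86400 seconds

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

def detect(lines, year):
    """Return ({ip: (blocked_at, unblock_at)}, loopback_failures)."""
    recent = defaultdict(deque)   # ip -> failure times still inside WINDOW
    blocks, loopback = {}, 0
    for line in lines:            # assumes lines are in chronological order
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue                   # malformed address field, ignore
        if ip.is_loopback:
            loopback += 1              # proxied login: real client unknown
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = str(ip)
        if key in blocks and ts < blocks[key][1]:
            continue                   # already blocked, nothing to add
        q = recent[key]
        q.append(ts)
        while ts - q[0] > WINDOW:      # drop failures older than the window
            q.popleft()
        if len(q) > MAX_ATTEMPTS:      # "over 5" means the 6th failure
            blocks[key] = (ts, ts + BLOCK_FOR)
            q.clear()
    return blocks, loopback

# Constructed sample: six lines shaped like the alert's log excerpt, using a
# documentation address (192.0.2.10), plus one loopback line.
SAMPLE = [f"Aug  6 03:31:{s:02d} HOSTNAME sshd[{5215 + i}]: Failed password "
          f"for root from 192.0.2.10 port {59000 + i} ssh2"
          for i, s in enumerate((48, 48, 50, 51, 51, 53))]
SAMPLE.append("Aug  6 03:32:00 HOSTNAME sshd[5400]: Failed password for "
              "root from 127.0.0.1 port 40000 ssh2")
```

Calling `detect(SAMPLE, 2005)` blocks 192.0.2.10 on its sixth failure and reports the loopback line separately instead of blocking localhost.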