brute force attack

[Anton]

IP 175.143.53.113 has 122 failed login attempts: exim3=122

is it enough to add this ip to block in configserver firewall or is there something else i need to do to prevent this from happening ?

 

[scsi]

If it is blocked at your firewall they will never be able to get any further.

 

[Anton]

thank you very much for that it is in block on configserver firewall

 

[Nexxterra.com]

You need to install bfd/apf or something similar... there are many more of those to come!

 

[Anton]

Thank you all for the tip's i have install a few and everything should be good now but i am wondering about chkrootkit the download url is down do you guys know of

anyother url for it for me to download from i would like to have it run with rkhunter.

 

[scsi]

You should be installing it with yum or apt-get.

If you just want the source code this should work:

http://ftp.de.debian.org/debian/pool/main/c/chkrootkit/chkrootkit_0.49.orig.tar.gz

 

[Anton]

You should be installing it with yum or apt-get.

If you just want the source code this should work:

http://ftp.de.debian.org/debian/pool/main/c/chkrootkit/chkrootkit_0.49.orig.tar.gz

yum install chkrootkit

Setting up Install Process
No package chkrootkit available.
Error: Nothing to do

 

[scsi]

Do this:

If you use centos 6:

rpm -ivh http://mirror.us.leaseweb.net/epel/6/i386/epel-release-6-7.noarch.rpm

If you use centos 5:

rpm -ivh http://epel.mirror.freedomvoice.com/5/i386/epel-release-5-4.noarch.rpm

Then do:

yum -y install chkrootkit

You can read more about EPEL here:

http://fedoraproject.org/wiki/EPEL

 

[Anton]

ofcourse thank you very much for the help.