Hi all,
I've been getting a lot of BFM alerts that look like this in the recent days. I get tons of email alerts as a result and because the attempts are from a different IP each time, they don't get filtered/blocked.
1. Is it safe to disable email alerts for these attacks?
2. Is there a way to let CSF read these logs and disable root user for a certain period?
3. Can CSF immediately block any IP that attempts to login with root entirely except for an allowed IP list? (I have root login disabled for SSH so they will never manage to get in but I would like to block any IP that tries)
Thanks
I've been getting a lot of BFM alerts that look like this in the recent days. I get tons of email alerts as a result and because the attempts are from a different IP each time, they don't get filtered/blocked.
1. Is it safe to disable email alerts for these attacks?
2. Is there a way to let CSF read these logs and disable root user for a certain period?
3. Can CSF immediately block any IP that attempts to login with root entirely except for an allowed IP list? (I have root login disabled for SSH so they will never manage to get in but I would like to block any IP that tries)
Thanks
| 2020-08-15 19:56 (1) | 104.248.160.58 | root | 1 | sshd4 | Aug 15 19:55:28 da7 sshd[1548443]: Failed password for invalid user root from 104.248.160.58 port 35724 ssh2 | |
| 2020-08-15 19:40 (1) | 106.12.199.30 | root | 1 | sshd4 | Aug 15 19:39:18 da7 sshd[1544644]: Failed password for invalid user root from 106.12.199.30 port 59106 ssh2 | |
| 2020-08-15 19:36 (2) | 13.68.137.194 | root | 1 | sshd4 | Aug 15 19:35:58 da7 sshd[1544045]: Failed password for invalid user root from 13.68.137.194 port 58572 ssh2 | |
| 2020-08-15 19:36 (1) | 51.68.198.75 | root | 1 | sshd4 | Aug 15 19:35:36 da7 sshd[1543966]: Failed password for invalid user root from 51.68.198.75 port 39850 ssh2 | |
| 2020-08-15 19:30 (1) | 34.87.52.86 | root | 1 | sshd4 | Aug 15 19:29:49 da7 sshd[1542773]: Failed password for invalid user root from 34.87.52.86 port 59330 ssh2 | |
| 2020-08-15 19:29 (1) | 27.154.242.142 | root | 1 | sshd4 | Aug 15 19:29:00 da7 sshd[1542607]: Failed password for invalid user root from 27.154.242.142 port 50113 ssh2 | |
| 2020-08-15 19:28 (1) | 106.75.119.202 | root | 1 | sshd4 | Aug 15 19:27:05 da7 sshd[1542272]: Failed password for invalid user root from 106.75.119.202 port 41713 ssh2 | |
| 2020-08-15 19:22 (1) | 94.228.182.244 | root | 1 | sshd4 | Aug 15 19:21:44 da7 sshd[1541268]: Failed password for invalid user root from 94.228.182.244 port 43927 ssh2 | |
| 2020-08-15 19:15 (1) | 195.12.137.210 | root | 1 | sshd4 | Aug 15 19:14:22 da7 sshd[1539817]: Failed password for invalid user root from 195.12.137.210 port 48600 ssh2 | |
| 2020-08-15 19:10 (1) | 65.49.210.231 | root | 1 | sshd4 | Aug 15 19:09:20 da7 sshd[1538829]: Failed password for invalid user root from 65.49.210.231 port 60200 ssh2 | |
| 2020-08-15 19:01 (1) | 51.145.141.8 | root | 1 | sshd4 | Aug 15 19:00:20 da7 sshd[1537242]: Failed password for invalid user root from 51.145.141.8 port 40492 ssh2 | |
| 2020-08-15 18:47 (1) | 129.211.185.246 | root | 1 | sshd4 | Aug 15 18:46:31 da7 sshd[1533888]: Failed password for invalid user root from 129.211.185.246 port 33650 ssh2 | |
| 2020-08-15 18:38 (1) | 78.110.158.254 | root | 1 | sshd4 | Aug 15 18:37:13 da7 sshd[1532183]: Failed password for invalid user root from 78.110.158.254 port 43410 ssh2 | |
| 2020-08-15 18:32 (1) | 193.112.16.245 | root | 1 | sshd4 | Aug 15 18:31:09 da7 sshd[1531035]: Failed password for invalid user root from 193.112.16.245 port 51084 ssh2 | |
| 2020-08-15 18:29 (1) | 51.91.8.222 | root | 1 | sshd4 | Aug 15 18:28:05 da7 sshd[1530385]: Failed password for invalid user root from 51.91.8.222 port 41492 ssh2 | |
| 2020-08-15 18:28 (1) | 49.207.185.52 | root | 1 | sshd4 | Aug 15 18:27:18 da7 sshd[1530236]: Failed password for invalid user root from 49.207.185.52 port 51710 ssh2 | |
| 2020-08-15 18:09 (1) | 159.192.143.249 | root | 1 | sshd4 | Aug 15 18:08:30 da7 sshd[1526647]: Failed password for invalid user root from 159.192.143.249 port 40940 ssh2 | |
| 2020-08-15 17:59 (1) | 61.145.178.134 | root | 1 | sshd4 | Aug 15 17:58:07 da7 sshd[1524700]: Failed password for invalid user root from 61.145.178.134 port 51554 ssh2 | |
| 2020-08-15 17:48 (1) | 183.103.35.229 | root | 1 | sshd4 | Aug 15 17:47:29 da7 sshd[1522014]: Failed password for invalid user root from 183.103.35.229 port 60668 ssh2 | |
| 2020-08-15 17:26 (1) | 106.12.56.41 | root | 1 | sshd4 | Aug 15 17:25:35 da7 sshd[1518099]: Failed password for invalid user root from 106.12.56.41 port 40268 ssh2 | |
| 2020-08-15 17:21 (1) | 218.18.161.186 | root | 1 | sshd4 | Aug 15 17:20:51 da7 sshd[1517181]: Failed password for invalid user root from 218.18.161.186 port 50458 ssh2 | |
| 2020-08-15 17:17 (1) | 139.186.76.101 | root | 1 | sshd4 | Aug 15 17:16:17 da7 sshd[1516294]: Failed password for invalid user root from 139.186.76.101 port 60902 ssh2 | |
| 2020-08-15 17:12 (2) | 186.206.157.34 | root | 1 | sshd4 | Aug 15 17:11:53 da7 sshd[1515381]: Failed password for invalid user root from 186.206.157.34 port 43272 ssh2 | |
| 2020-08-15 17:12 (1) | 149.202.164.82 | root | 1 | sshd4 | Aug 15 17:11:46 da7 sshd[1515338]: Failed password for invalid user root from 149.202.164.82 port 33712 ssh2 | |
| 2020-08-15 17:09 (1) | 106.13.31.93 | root | 1 | sshd4 | Aug 15 17:08:38 da7 sshd[1514678]: Failed password for invalid user root from 106.13.31.93 port 34360 ssh2 | |
| 2020-08-15 17:03 (2) | 35.188.49.176 | root | 1 | sshd4 | Aug 15 17:02:30 da7 sshd[1513586]: Failed password for invalid user root from 35.188.49.176 port 58514 ssh2 | |
| 2020-08-15 17:03 (1) | 14.219.237.133 | root | 1 | sshd4 | Aug 15 17:02:04 da7 sshd[1513485]: Failed password for invalid user root from 14.219.237.133 port 53157 ssh2 | |
| 2020-08-15 17:00 (1) | 129.226.190.18 | root | 1 | sshd4 | Aug 15 16:59:58 da7 sshd[1512965]: Failed password for invalid user root from 129.226.190.18 port 60392 ssh2 | |
| 2020-08-15 16:53 (1) | 203.172.66.227 | root | 1 | sshd4 | Aug 15 16:52:28 da7 sshd[1511642]: Failed password for invalid user root from 203.172.66.227 port 43690 ssh2 | |
| 2020-08-15 16:36 (1) | 175.139.202.201 | root | 1 | sshd4 | Aug 15 16:35:03 da7 sshd[1507682]: Failed password for invalid user root from 175.139.202.201 port 56138 ssh2 | |
| 2020-08-15 16:31 (2) | 106.12.26.167 | root | 1 | sshd4 | Aug 15 16:30:21 da7 sshd[1506876]: Failed password for invalid user root from 106.12.26.167 port 35408 ssh2 | |
| 2020-08-15 16:31 (1) | 176.122.159.131 | root | 1 | sshd4 | Aug 15 16:30:12 da7 sshd[1506830]: Failed password for invalid user root from 176.122.159.131 port 33908 ssh2 | |
| 2020-08-15 16:26 (1) | 222.239.124.19 | root | 1 | sshd4 | Aug 15 16:25:34 da7 sshd[1505936]: Failed password for invalid user root from 222.239.124.19 port 45308 ssh2 | |
| 2020-08-15 16:22 (1) | 202.188.20.123 | root | 1 | sshd4 | Aug 15 16:21:26 da7 sshd[1505104]: Failed password for invalid user root from 202.188.20.123 port 42874 ssh2 | |
| 2020-08-15 16:18 (1) | 166.111.68.25 | root | 1 | sshd4 | Aug 15 16:17:23 da7 sshd[1504308]: Failed password for invalid user root from 166.111.68.25 port 46478 ssh2 |
