OK, this should be here or in Ports Installation and Maintenance; I wasn't sure, so I started here.
So the original thread I had was here: http://forums.freebsd.org/showthread.php?t=8047
Um, so I had not had another hack-in attempt since getting sshguard talking properly to everything, so I just checked my security report and, well...
Code:
Nov 12 01:58:59 blurr-ink proftpd[11188]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 01:59:00 blurr-ink proftpd[11188]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 01:59:01 blurr-ink proftpd[11188]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 01:59:01 blurr-ink proftpd[11188]: localhost (219.146.8.75[219.146.8.75]) - Maximum login attempts (3) exceeded, connection refused
Nov 12 01:59:01 blurr-ink proftpd[11188]: localhost (219.146.8.75[219.146.8.75]) - FTP session closed.
Nov 12 01:59:13 blurr-ink proftpd[11189]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 01:59:13 blurr-ink proftpd[11189]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 01:59:14 blurr-ink proftpd[11189]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 01:59:14 blurr-ink proftpd[11189]: localhost (219.146.8.75[219.146.8.75]) - Maximum login attempts (3) exceeded, connection refused
Nov 12 01:59:14 blurr-ink proftpd[11189]: localhost (219.146.8.75[219.146.8.75]) - FTP session closed.
Nov 12 01:59:26 blurr-ink proftpd[11190]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 01:59:27 blurr-ink proftpd[11190]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 01:59:27 blurr-ink proftpd[11190]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 01:59:27 blurr-ink proftpd[11190]: localhost (219.146.8.75[219.146.8.75]) - Maximum login attempts (3) exceeded, connection refused
Nov 12 01:59:27 blurr-ink proftpd[11190]: localhost (219.146.8.75[219.146.8.75]) - FTP session closed.
Nov 12 01:59:39 blurr-ink proftpd[11191]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 01:59:40 blurr-ink proftpd[11191]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 01:59:41 blurr-ink proftpd[11191]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 01:59:41 blurr-ink proftpd[11191]: localhost (219.146.8.75[219.146.8.75]) - Maximum login attempts (3) exceeded, connection refused
Nov 12 01:59:41 blurr-ink proftpd[11191]: localhost (219.146.8.75[219.146.8.75]) - FTP session closed.
Nov 12 01:59:52 blurr-ink proftpd[11192]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 01:59:53 blurr-ink proftpd[11192]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 01:59:54 blurr-ink proftpd[11192]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 01:59:54 blurr-ink proftpd[11192]: localhost (219.146.8.75[219.146.8.75]) - Maximum login attempts (3) exceeded, connection refused
Nov 12 01:59:54 blurr-ink proftpd[11192]: localhost (219.146.8.75[219.146.8.75]) - FTP session closed.
Nov 12 02:00:00 blurr-ink sshguard[10051]: Got exit signal, flushing blocked addresses and exiting...
Nov 12 02:00:00 blurr-ink sshguard[11208]: Started successfully [(a,p,s)=(5, 420, 1200)], now ready to scan.
Nov 12 02:00:05 blurr-ink proftpd[11193]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 02:00:06 blurr-ink proftpd[11193]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 02:00:07 blurr-ink proftpd[11193]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 02:00:07 blurr-ink proftpd[11193]: localhost (219.146.8.75[219.146.8.75]) - Maximum login attempts (3) exceeded, connection refused
Nov 12 02:00:07 blurr-ink proftpd[11193]: localhost (219.146.8.75[219.146.8.75]) - FTP session closed.
Nov 12 02:00:19 blurr-ink proftpd[11221]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 02:00:19 blurr-ink proftpd[11221]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 02:00:20 blurr-ink proftpd[11221]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 02:00:20 blurr-ink proftpd[11221]: localhost (219.146.8.75[219.146.8.75]) - Maximum login attempts (3) exceeded, connection refused
Nov 12 02:00:20 blurr-ink proftpd[11221]: localhost (219.146.8.75[219.146.8.75]) - FTP session closed.
Nov 12 02:00:32 blurr-ink proftpd[11223]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 02:00:33 blurr-ink proftpd[11223]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 02:00:33 blurr-ink proftpd[11223]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 02:00:33 blurr-ink proftpd[11223]: localhost (219.146.8.75[219.146.8.75]) - Maximum login attempts (3) exceeded, connection refused
Nov 12 02:00:33 blurr-ink proftpd[11223]: localhost (219.146.8.75[219.146.8.75]) - FTP session closed.
Nov 12 02:00:45 blurr-ink proftpd[11224]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 02:00:46 blurr-ink proftpd[11224]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 02:00:46 blurr-ink proftpd[11224]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 02:00:46 blurr-ink proftpd[11224]: localhost (219.146.8.75[219.146.8.75]) - Maximum login attempts (3) exceeded, connection refused
Nov 12 02:00:46 blurr-ink proftpd[11224]: localhost (219.146.8.75[219.146.8.75]) - FTP session closed.
Nov 12 02:00:58 blurr-ink proftpd[11225]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 02:00:59 blurr-ink proftpd[11225]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 02:01:00 blurr-ink proftpd[11225]: localhost (219.146.8.75[219.146.8.75]) - USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16
Nov 12 02:01:00 blurr-ink proftpd[11225]: localhost (219.146.8.75[219.146.8.75]) - Maximum login attempts (3) exceeded, connection refused
Nov 12 02:01:00 blurr-ink proftpd[11225]: localhost (219.146.8.75[219.146.8.75]) - FTP session closed.
No time gap between the logging attempts, and obviously not blocking the IP, plus I have it set for 5 attempts if you look at my config in the thread link up top. Any ideas?
Also, there is a lot more than just posted, but I didn't want to flood the page 'that' bad.
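
Added example, not part of the original post and not sshguard's own code: a simplified threshold counter replayed over log lines in the format shown above, to check when 5 failures from one address should have tripped a block and what the 02:00:00 restart does to that count. It assumes the `(a,p,s)` values in the startup line are the abuse threshold, release time and forget time, and that a restart clears all state; `expected_blocks` and `_fail` are hypothetical names.

```python
import re
from datetime import datetime, timedelta

TS = r"(\w{3} +\d+ [\d:]{8}) \S+ "
FAIL = re.compile(TS + r"proftpd\[\d+\]: .*USER \S+: no such user found from ([\d.]+) ")
START = re.compile(TS + r"sshguard\[\d+\]: Started successfully "
                   r"\[\(a,p,s\)=\((\d+), (\d+), (\d+)\)\]")

def expected_blocks(lines, abuses=5, stale=1200, year=2000):
    """Return [(HH:MM:SS, ip)] where a per-IP failure counter reaches `abuses`.
    Simplified model, not sshguard's code: failures older than `stale` seconds
    are forgotten and all state is dropped when sshguard logs a restart.
    Syslog lines carry no year, so `year` is an arbitrary placeholder.
    """
    seen, blocks = {}, []
    for line in lines:
        if (m := START.match(line)):
            abuses, stale = int(m.group(2)), int(m.group(4))
            seen.clear()  # a restart flushes blocks and counters
            continue
        if not (m := FAIL.match(line)):
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        hits = [t for t in seen.get(ip, []) if ts - t <= timedelta(seconds=stale)]
        hits.append(ts)
        if len(hits) >= abuses:
            blocks.append((ts.strftime("%H:%M:%S"), ip))
            hits = []  # start counting again after the expected block
        seen[ip] = hits
    return blocks

def _fail(hms, pid):
    # Constructed line in the same format as the proftpd entries in the post.
    return (f"Nov 12 {hms} blurr-ink proftpd[{pid}]: localhost (219.146.8.75[219.146.8.75]) - "
            "USER apache: no such user found from 219.146.8.75 [219.146.8.75] to 192.16")

# Constructed sample: a shortened copy of the log above, restart lines included.
SAMPLE = [
    _fail("01:58:59", 11188), _fail("01:59:00", 11188), _fail("01:59:01", 11188),
    _fail("01:59:13", 11189), _fail("01:59:13", 11189), _fail("01:59:14", 11189),
    "Nov 12 02:00:00 blurr-ink sshguard[10051]: Got exit signal, flushing blocked addresses and exiting...",
    "Nov 12 02:00:00 blurr-ink sshguard[11208]: Started successfully [(a,p,s)=(5, 420, 1200)], now ready to scan.",
    _fail("02:00:05", 11193), _fail("02:00:06", 11193), _fail("02:00:07", 11193),
    _fail("02:00:19", 11221), _fail("02:00:19", 11221), _fail("02:00:20", 11221),
]

print(expected_blocks(SAMPLE))
```

Under this model the threshold is reached at 01:59:13 and again at 02:00:19, because the restart logged at 02:00:00 discards the earlier count and any block in place.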