- gunakan commnad berikut untuk mengetahui fail autentikasi per IP
# awk '/auth failed/ {for (i=1;i<=NF;i=i+1) if ($i~/rip/) print $i}' /var/log/maillog |sort|uniq -c|sort -n| tail
12 rip=223.255.228.87,
13 rip=114.124.141.10,
14 rip=111.94.212.75,
15 rip=103.10.67.166,
15 rip=103.23.202.26,
15 rip=223.255.228.94,
18 rip=223.255.228.105,
18 rip=223.255.228.89,
25 rip=2406:2400:c0:a708:1014:156e:9dcd:8d7a,
504 rip=111.68.124.38,
2. blok di csf misal : IP 111.68.124.38 504 kali fail .
csf -d <ipaddress>
Related Posts:
(Visited 85 times, 1 visits today)