Failed to getpwnam

Posted: 29 Dec 2013, 22:16
by BassTeQ
Hi all,

I'm seeing quite a few entries in my logs that look like the below, only changing the username. Looks like someone is trying to guess user/pass combinations. It appears like CSF isn't blocking these failed login attempts, any idea why? I'm using the latest CSF version.

Dec 29 13:39:15 server3 authdaemond: Failed to getpwnam for user dell
Dec 29 14:00:16 server3 authdaemond: Failed to getpwnam for user lenovo
Dec 29 14:21:49 server3 authdaemond: Failed to getpwnam for user advent
Dec 29 14:44:57 server3 authdaemond: Failed to getpwnam for user apple
Dec 29 14:44:57 server3 authdaemond: Failed to getpwnam for user apple
Dec 29 14:44:58 server3 authdaemond: Failed to getpwnam for user apple
Dec 29 14:46:58 server3 authdaemond: Cpanel::MailAuth: Failed to getpwnam for user apple
Dec 29 14:46:58 server3 authdaemond: Failed to getpwnam for user apple
Dec 29 14:46:58 server3 authdaemond: Failed to getpwnam for user apple
Dec 29 15:07:28 server3 authdaemond: Cpanel::MailAuth: Failed to getpwnam for user benq
Dec 29 15:12:07 server3 authdaemond: Failed to getpwnam for user benq
Dec 29 15:12:07 server3 authdaemond: Cpanel::MailAuth: Failed to getpwnam for user benq
Dec 29 15:12:08 server3 authdaemond: Failed to getpwnam for user benq


Re: Failed to getpwnam

Posted: 30 Dec 2013, 17:12
by ForumAdmin
There's nothing there to block; lfd can only block an IP address from a log line if there is an IP address reported and that regex is configured in regex.pm
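
The point made in the reply above, as an added example that is not part of the original posts and is not CSF/lfd code: a small Python triage that separates log lines carrying a source address from `Failed to getpwnam` lines that carry none, and summarises the latter per username. The function names, the `exampled` daemon and the 203.0.113.7 address are assumptions made for illustration.

```python
import re
from collections import defaultdict

# First four lines are from the thread; the last is constructed (hypothetical
# daemon name and documentation-range address) to show a line that carries an IP.
SAMPLE_LOG = """\
Dec 29 14:44:57 server3 authdaemond: Failed to getpwnam for user apple
Dec 29 14:46:58 server3 authdaemond: Cpanel::MailAuth: Failed to getpwnam for user apple
Dec 29 15:07:28 server3 authdaemond: Cpanel::MailAuth: Failed to getpwnam for user benq
Dec 29 15:12:07 server3 authdaemond: Failed to getpwnam for user benq
Dec 29 15:12:09 server3 exampled: login failed for user benq from 203.0.113.7
"""

GETPWNAM = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ authdaemond: "
    r"(?:Cpanel::MailAuth: )?Failed to getpwnam for user (?P<user>\S+)$"
)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def find_ipv4(line):
    """Return the first syntactically valid IPv4 address in the line, or None."""
    for m in IPV4.finditer(line):
        if all(int(o) <= 255 for o in m.group().split(".")):
            return m.group()
    return None


def triage(log_text):
    """Split lines into those with a source IP and getpwnam failures without one."""
    with_ip = []
    no_ip = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        ip = find_ipv4(line)
        if ip:
            with_ip.append((ip, line))
            continue
        m = GETPWNAM.match(line)
        if m:
            entry = no_ip[m["user"]]
            entry["count"] += 1
            entry["first"] = entry["first"] or m["ts"]
            entry["last"] = m["ts"]
    return with_ip, dict(no_ip)


if __name__ == "__main__":
    with_ip, no_ip = triage(SAMPLE_LOG)
    print("lines with an address:", with_ip)
    for user, e in no_ip.items():
        print(f"{user}: {e['count']} failures, {e['first']} .. {e['last']}, no source address")
```
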

Re: Failed to getpwnam

Posted: 30 Dec 2013, 23:48
by BassTeQ
No worries, thanks for the reply!