# new package? finding attackers provider and sending anemail?

## e3k

is there some spam package which would figure out what provider did give an account to a an infiltrated bot machine?

then it could send an emal in human or even some .xml to the provider and inform him about this so that the end user

fixes his shit?

E

----------

## NeddySeagoon

e3k,

For spam, no. email headers are easy to forge and on spam, they usually are.

After all, the last this a spammer wants is a reply to he sending address.

You can do such things against automated ssh attacks, as the attacker must send a real IP, or he will not get any response.

----------

## e3k

yes it was ment for ssh attacks. do we have something like that in portage?

----------

## NeddySeagoon

e3k,

Not as far as I am aware. You could end up auto spamming ISPs if you were not careful.

There is fail2ban which will add the IP to your list of IPs to drop after a number of failed attempts to log in.

The bot just goes away when it gets no response.

Meanwhile. don't permit root logins. Use key based logins only, if you must use user/password pairs, enforce strong passwords.

Keep an eye on your logs and ignore the noise.

----------

## e3k

thx for info Neddy,

ad fail2ban: yes i am playing now with it right now.

ad root login false: sure

ad key based login: sure

i was opening this thread because i just wanted to check if there is allready some technology which would inform the providers or even the end users about bots automaticaly, but maybe i am asking just too soon.

----------

