diff --git a/config/guardian/guardian.pl b/config/guardian/guardian.pl
index 86d93fe61..34546b713 100644
--- a/config/guardian/guardian.pl
+++ b/config/guardian/guardian.pl
@@ -106,6 +106,10 @@ for (;;) {
 $temp = $array[11];
 }
 &checkssh ($temp, "possible SSH-Bruteforce Attack");}
+
+ # This should catch Bruteforce Attacks with enabled preauth
+ if ($_ =~ /.*sshd.*Received disconnect from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):.*\[preauth\]/) {
+ &checkssh ($1, "possible SSH-Bruteforce Attack, failed preauth");}
 }
 }
@@ -424,4 +428,4 @@ sub get_aliases {
 }
 print "done \n";
-}
\ No newline at end of file
+}
diff --git a/lfs/guardian b/lfs/guardian
index fea50db0c..a91fbd9ab 100644
--- a/lfs/guardian
+++ b/lfs/guardian
@@ -30,7 +30,7 @@ THISAPP = guardian-$(VER)
 DIR_APP = $(DIR_SRC)/$(THISAPP)
 TARGET = $(DIR_INFO)/$(THISAPP)
 PROG = guardian
-PAK_VER = 8
+PAK_VER = 9
 DEPS = ""
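Review bot: The address handed to `checkssh` in the added `if` comes from an unanchored pattern whose leading `.*` is greedy, so `$1` is the last `Received disconnect from <ip>:` found in the line rather than the one sshd wrote at the start of its message. sshd's disconnect line can carry text supplied by the remote peer (to be confirmed for the sshd version shipped), which would let a peer influence which address gets counted and eventually blocked. Anchoring on the daemon tag and taking the first occurrence closes that gap, e.g. `if ($_ =~ /^.*?sshd\[\d+\]: Received disconnect from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):.*\[preauth\]\s*$/) {`, assuming the usual `sshd[pid]:` syslog tag. A pre-auth disconnect is also logged for clients that simply abort before authenticating, so it is worth checking that the threshold inside `checkssh` (not visible here) tolerates those. The enclosing `for (;;)` loop starts and ends outside the hunk.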