I have this question.
Last night I had someone who tried to log on via my sshd
The thing is, denyhosts did not do anything (and yes, daemon is running ;) )
Jul 23 01:53:38 localhost sshd[30239]: Connection from ::ffff: 62.121.184.84 port 10469
Jul 23 01:58:11 localhost sshd[30252]: Connection from ::ffff:62.121.184.84 port 11134
Jul 23 02:03:09 localhost sshd[30919]: Connection from ::ffff: 62.121.184.84 port 11799
Jul 23 02:09:49 localhost sshd[30971]: Connection from ::ffff:62.121.184.84 port 12748
Jul 23 02:13:46 localhost sshd[30987]: Connection from ::ffff: 62.121.184.84 port 13411
Jul 23 02:18:09 localhost sshd[31005]: Connection from ::ffff:62.121.184.84 port 14078
Jul 23 02:23:36 localhost sshd[31024]: Connection from ::ffff: 62.121.184.84 port 14878
After I put this ip address myself in hosts.deny (I was going to bed), the rest of the night this ip still came up in my log (so it seams to me that this was not some portscan or so..)
I am using Debian Sarge and I have seen denyhosts working before
(I tested it and my test server is now in the hosts.deny ;) )
So my guess it, it has to do with some tweaking of the settings... but what settings?
Please advise
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
