Does a valid connection also log a similar line in your logfile? If so, then DH can't do anything with it since it would be unable to discern a valid login's "Connection from" line vs. a hack attempts.
Otherwise, if valid connections don't log that message you can add a custom regex to your DH cfg file: http://denyhosts.sourceforge.net/faq.html#custom_regex I wouldn't worry too much about a portscan since it's not a hack attempt per se. It might lead to one eventually but chances are they're looking for one of millions of Microsoft services to exploit. Regards, Phil On Sun, 23 Jul 2006, daedalus wrote: > Hi there, > > I have this question. > Last night I had someone who tried to log on via my sshd > The thing is, denyhosts did not do anything (and yes, daemon is running ;) > ) > > > Jul 23 01:53:38 localhost sshd[30239]: Connection from > ::ffff:62.121.184.84port 10469 > Jul 23 01:58:11 localhost sshd[30252]: Connection from > ::ffff:62.121.184.84port 11134 > Jul 23 02:03:09 localhost sshd[30919]: Connection from > ::ffff:62.121.184.84port 11799 > Jul 23 02:09:49 localhost sshd[30971]: Connection from > ::ffff:62.121.184.84port 12748 > Jul 23 02:13:46 localhost sshd[30987]: Connection from > ::ffff:62.121.184.84port 13411 > Jul 23 02:18:09 localhost sshd[31005]: Connection from > ::ffff:62.121.184.84port 14078 > Jul 23 02:23:36 localhost sshd[31024]: Connection from > ::ffff:62.121.184.84port 14878 > > > > After I put this ip address myself in hosts.deny (I was going to bed), the > rest of the night this ip still came up in my log (so it seams to me that > this was not some portscan or so..) > > > I am using Debian Sarge and I have seen denyhosts working before > (I tested it and my test server is now in the hosts.deny ;) ) > > So my guess it, it has to do with some tweaking of the settings... but what > settings? > > Please advise > -- Regards, Phil Schwartz - http://www.phil-schwartz.com Open Source Projects: - DenyHosts: http://www.denyhosts.net - Kodos: http://kodos.sourceforge.net - ReleaseForge: http://releaseforge.sourceforge.net - Scratchy: http://scratchy.sourceforge.net - FAQtor: http://faqtor.sourceforge.net ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
