Pavel Kosina wrote:
> I've got the log full of such things:
>
> Mar 30 11:24:21 localhost sshd[17762]: Address 201.236.88.219 maps to
> webserver.ingenieriaambiental.cl, but this does not map
> back to the address - POSSIBLE BREAKIN ATTEMPT!

And after that? The next line in the log should be the real break-in attempt, with a user name and password.

> How to add it to denyhosts?

If, as you say, the log is full of those messages and there is nothing else from the same IP address... you could add them by using a user regex (in denyhosts.conf), something like:

USERDEF_FAILED_ENTRY_REGEX=Address (?P<user>\S+) maps .* does not map .*

-- 
René Berber
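
Added example (not part of the original message and not DenyHosts code): a Python check of the condition the reply sets, namely that an address produces only the reverse-mapping warning and nothing else in the sshd log. The pattern is copied verbatim from the USERDEF_FAILED_ENTRY_REGEX line above; the sample log, the 192.0.2.10 and 203.0.113.5 addresses, the user names and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Pattern copied verbatim from the reply; it captures the address in the
# group the reply names "user".
REVERSE_MAP_RE = re.compile(r"Address (?P<user>\S+) maps .* does not map .*")

# Syslog prefix: "Mon DD HH:MM:SS host sshd[pid]: message"
SSHD_LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ sshd\[\d+\]: (?P<msg>.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample log. The first entry is the message from the thread,
# joined back onto one line as syslog writes it; the rest are made up.
SAMPLE_LOG = """\
Mar 30 11:24:21 localhost sshd[17762]: Address 201.236.88.219 maps to webserver.ingenieriaambiental.cl, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Mar 30 11:24:23 localhost sshd[17762]: Failed password for invalid user admin from 201.236.88.219 port 40112 ssh2
Mar 30 11:25:02 localhost sshd[17790]: Address 192.0.2.10 maps to host.example.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Mar 30 11:25:40 localhost sshd[17801]: Accepted publickey for alice from 203.0.113.5 port 50022 ssh2
"""


def summarize(log_text):
    """Return {address: {"warnings": n, "other": n}} for warned addresses."""
    warnings = defaultdict(int)
    other = defaultdict(int)
    for line in log_text.splitlines():
        m = SSHD_LINE_RE.match(line)
        if not m:
            continue  # not an sshd entry
        msg = m.group("msg")
        hit = REVERSE_MAP_RE.search(msg)
        if hit:
            warnings[hit.group("user")] += 1
        else:
            # Any other sshd message that mentions an address counts
            # as additional activity from that address.
            for ip in set(IPV4_RE.findall(msg)):
                other[ip] += 1
    return {ip: {"warnings": n, "other": other[ip]} for ip, n in warnings.items()}


def warning_only(log_text):
    """Addresses whose only sshd entries are reverse-mapping warnings."""
    return sorted(ip for ip, c in summarize(log_text).items() if c["other"] == 0)


if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE_LOG).items():
        print(ip, counts)
    print("warning-only:", warning_only(SAMPLE_LOG))
```

Addresses that appear in the warning-only list are the ones the user-defined regex would add; an address with other entries, such as a failed password line, is already covered by the regular failed-login matching.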
