René Berber wrote: > Pavel Kosina wrote: > >> I've got the log full of such a things: >> >> Mar 30 11:24:21 localhost sshd[17762]: Address 201.236.88.219 maps to >> webserver.ingenieriaambiental.cl, but this does not map >> back to the address - POSSIBLE BREAKIN ATTEMPT! > > And after that? The next line in the log should be the real break-in > attempt, with a user name and password. > >> How to add it to denyhosts? > > If, as you say, the log is full of those messages and there is nothing > else from the same IP address... you could add them by using a user > regex (in denyhosts.conf), something like: > > USERDEF_FAILED_ENTRY_REGEX=Address (?P<user>\S+) maps .* does not map .*
Oops! sorry, it should say: USERDEF_FAILED_ENTRY_REGEX=Address (?P<host>\S+) maps .* does not map .* -- René Berber ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
