>> Mar 30 11:24:21 localhost sshd[17762]: Address 201.236.88.219 maps to >> webserver.ingenieriaambiental.cl, but this does not map >> back to the address - POSSIBLE BREAKIN ATTEMPT! > > And after that? The next line in the log should be the real break-in > attempt, with a user name and password.
It might not, and I'd advise caution in modifying DenyHosts to add these entries to hosts.deny - all it indicates is that there's a mismatch between forward and reverse DNS entries for a particular IP address. The SSH daemon is doing a reverse lookup on the IP address, and if something is returned, it then does an 'A' record lookup on that. In most cases, this will be fine, but many ISPs aren't too clever about their use of reverse DNS entries. You may even find you lock yourself out, if your own ISP doesn't do things properly. SSH reports it as 'POSSIBLE BREAKIN ATTEMPT', but this is very alarmist - all it should really say is 'Warning, DNS isn't configured properly'. You might want to simply switch off this function in SSH - use the following line in sshd_config: UseDNS no I hope this helps. -- Peter SJF Bance http://www.minstrel.org.uk/ ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
