Glenn Sieb wrote: [snip] > /etc/hosts.deniedssh: > # DenyHosts: Wed May 7 14:24:14 2008 | 165.98.145.4 > 165.98.145.4 > # DenyHosts: Wed May 7 14:24:14 2008 | 211.75.27.90 > 211.75.27.90 > # DenyHosts: Wed May 7 14:24:14 2008 | 220.189.211.130 > 220.189.211.130 > # DenyHosts: Wed May 7 14:24:14 2008 | 218.21.129.118 > 218.21.129.118 > (etcetc) > > Perms: > # ls -l /etc/hosts.* > -rw-r--r-- 1 root wheel 3401 Mar 30 05:09 /etc/hosts.allow > -rw-r--r-- 1 root wheel 150646 May 12 13:36 /etc/hosts.deniedssh > -rw-r--r-- 1 root wheel 149568 May 12 13:36 > /etc/hosts.deniedssh.purge.bak > > But, it doesn't seem to be blocking anything. Daily, my security logs > show multiple dictionary attacks: > > May 11 04:38:13 caduceus sshd[60547]: Failed password for invalid user admin > from 124.30.164.50 port 54365 ssh2 [snip]
Look at DenyHost's log, did it add 124.30.164.50? then its working. Does sshd block hosts on your list? For instance grep your security log for "connection refused", those are the blockings. -- René Berber ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
