Hi Stefan. Hmm.. this is strange... I was expecting the denyhost log to contain any error messages generated by the plugin.
Could you do me a favour please and pass a few of these IP addresses to the script manually. If your script is in /etc/denyhosts/notify_isp.rb:

/etc/denyhosts/notify_isp.rb reported.ip.address.or.host

and observe any generated returned error messages. Also check the /var/log/notify_isp.log for any messages.

Cheers.

2008/7/23 SWK <[EMAIL PROTECTED]>:
> Hi,....
>
> my /var/log/denyhosts - logfile gives me the following lines:
>
> ...
> 2008-07-23 09:19:49,088 - plugin : INFO plugin returned 256
> 2008-07-23 09:19:49,860 - plugin : INFO plugin returned 256
> 2008-07-23 09:19:49,955 - plugin : INFO plugin returned 256
> 2008-07-23 09:19:50,442 - plugin : INFO plugin returned 256
> 2008-07-23 09:19:51,161 - plugin : INFO plugin returned 256
> 2008-07-23 09:19:51,448 - plugin : INFO plugin returned 256
> 2008-07-23 09:19:52,423 - plugin : INFO plugin returned 256
> 2008-07-23 09:19:52,904 - plugin : INFO plugin returned 256
> 2008-07-23 09:19:53,107 - plugin : INFO plugin returned 256
> 2008-07-23 09:19:53,871 - plugin : INFO plugin returned 256
> 2008-07-23 09:19:54,655 - plugin : INFO plugin returned 256
> 2008-07-23 09:19:56,344 - plugin : INFO plugin returned 256
> 2008-07-23 09:19:56,457 - plugin : INFO plugin returned 256
> 2008-07-23 09:19:57,211 - plugin : INFO plugin returned 256
> 2008-07-23 09:19:57,317 - plugin : INFO plugin returned 256
> 2008-07-23 09:20:03,244 - plugin : INFO plugin returned 256
> 2008-07-23 09:20:03,904 - plugin : INFO plugin returned 256
> 2008-07-23 09:20:04,108 - plugin : INFO plugin returned 256
> ...
>
> What does this mean?
>
> Greetz ...
>
> Stefan
>
>
> Nazar Aziz wrote:
>>
>> Hi List.
>>
>> Just wanted to drop a quick email to say that I've developed a
>> DenyHosts plugin that will notify the attacker's ISP with an excerpt
>> from your sshd log file. I've been running this script for the last
>> two days and I've had half a dozen positive replies from system admins
>> who've subsequently disconnected offending servers.
>>
>> Download it here: http://github.com/nazar/report-hack-isp/tree/master
>>
>> Instructions: http://github.com/nazar/report-hack-isp/wikis
>>
>> Why I did this:
>>
>> http://panthersoftware.com/articles/view/5/automatically-report-all-ssh-brute-force-attacks-to-isps
>>
>> Cheers.
>>
>> Nazar
>>
>> _______________________________________________
>> Denyhosts-user mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/denyhosts-user
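
An added example, not part of the original messages or of DenyHosts: assuming the number in "plugin returned N" is the raw wait status that Python's os.system() returns on Unix, 256 means the plugin exited with code 1 on every call. The sketch below decodes such statuses from log lines in the format quoted above; the sample log is constructed, and the 512 and 15 entries are illustrative values that do not appear in the thread.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in the thread.
SAMPLE_LOG = """\
2008-07-23 09:19:49,088 - plugin : INFO plugin returned 256
2008-07-23 09:19:49,860 - plugin : INFO plugin returned 256
2008-07-23 09:19:50,442 - plugin : INFO plugin returned 512
2008-07-23 09:19:51,161 - plugin : INFO plugin returned 15
"""

# Tolerates both single-space and column-padded variants of the line.
LINE_RE = re.compile(
    r"^\S+ \S+ - plugin\s*:\s*INFO\s+plugin returned (\d+)\s*$"
)


def decode_wait_status(status):
    """Split a POSIX wait status into ('exit', code) or ('signal', number).

    Assumption: the logged value is the 16-bit status from os.system(),
    where the low 7 bits hold a terminating signal and the next byte
    holds the exit code.
    """
    signal = status & 0x7F
    if signal:
        return ("signal", signal)
    return ("exit", (status >> 8) & 0xFF)


def summarize(log_text):
    """Count plugin outcomes found in a DenyHosts-style log excerpt."""
    counts = Counter()
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            counts[decode_wait_status(int(match.group(1)))] += 1
    return counts


if __name__ == "__main__":
    for (kind, value), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n} plugin run(s) ended with {kind} {value}")
```

A non-zero exit code only says the script failed; the reason has to come from running it by hand or from its own log, as suggested in the reply above.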
