Aug 24 19:53:02 foo sshd[30344]: warning: /etc/hosts.deny, line 7113: can't verify hostname: getaddrinfo(89-119-11-58-static.albacom.net, AF_INET) failed Aug 24 19:53:04 foo sshd[30344]: reverse mapping checking getaddrinfo for 89-119-11-58-static.albacom.net [89.119.11.58] failed - POSSIBLE BREAK-IN ATTEMPT! Aug 24 19:53:04 pilot sshd[30345]: Received disconnect from 89.119.11.58: 11: Bye Bye
I've been getting connections like this for quite a while now - I'll typically see this during the middle of the night, and can get one of these per second for up to a half hour. Eventually, I'll get user login attempts from the offending IP address, which will fail - after that, the host will be added to hosts.deny I know that denyhosts has the USERDEF_FAILED_ENTRY_REGEX option in the config file, but the examples in the FAQ aren't telling me what my regex needs to return in order to be flagged by denyhosts - is the regex supposed to return the offending IP address, or what? ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
