[Denyhosts-user] Denyhosts ignoring threshold?

John Ciesla Sat, 04 Oct 2008 14:19:07 -0700

I recently installed Denyhosts on my server and it seems to be working well;
I can see it watching for invalid login attempts and then blocking them
after they reach the threshold. However, when I look through the logs I will
occasionally see something like this:


Oct  1 18:54:18 master sshd[12777]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:19 master sshd[12777]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:19 master sshd[12777]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:19 master sshd[12777]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:19 master sshd[12787]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:20 master sshd[12787]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:20 master sshd[12787]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:20 master sshd[12787]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:20 master sshd[12796]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:20 master sshd[12796]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:20 master sshd[12796]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:20 master sshd[12796]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:20 master sshd[12806]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:21 master sshd[12806]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:21 master sshd[12806]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:21 master sshd[12806]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:21 master sshd[12816]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:21 master sshd[12816]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:21 master sshd[12816]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:21 master sshd[12816]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:21 master sshd[12826]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:22 master sshd[12826]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:22 master sshd[12826]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:22 master sshd[12826]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:22 master sshd[12838]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:23 master sshd[12838]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:23 master sshd[12838]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:23 master sshd[12838]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:23 master sshd[12849]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:23 master sshd[12849]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:23 master sshd[12849]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:23 master sshd[12849]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:23 master sshd[12863]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:24 master sshd[12863]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:24 master sshd[12863]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:24 master sshd[12863]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:24 master sshd[12873]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:24 master sshd[12873]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:24 master sshd[12873]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:24 master sshd[12873]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:24 master sshd[12883]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:25 master sshd[12883]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:25 master sshd[12883]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:25 master sshd[12883]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:25 master sshd[12893]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:25 master sshd[12893]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:25 master sshd[12893]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:25 master sshd[12893]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:26 master sshd[12903]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:26 master sshd[12903]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:26 master sshd[12903]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:26 master sshd[12903]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:26 master sshd[12913]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:27 master sshd[12913]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:27 master sshd[12913]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:27 master sshd[12913]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:27 master sshd[12923]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:27 master sshd[12923]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:27 master sshd[12923]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:27 master sshd[12923]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:27 master sshd[12937]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:28 master sshd[12937]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:28 master sshd[12937]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:28 master sshd[12937]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:28 master sshd[12951]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:28 master sshd[12951]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:28 master sshd[12951]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:28 master sshd[12951]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:29 master sshd[12965]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:29 master sshd[12965]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:29 master sshd[12965]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:29 master sshd[12965]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:29 master sshd[12979]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:30 master sshd[12979]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:30 master sshd[12979]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:30 master sshd[12979]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:30 master sshd[12994]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:30 master sshd[12994]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:30 master sshd[12994]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:30 master sshd[12994]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:30 master sshd[13011]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:31 master sshd[13011]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:31 master sshd[13011]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:31 master sshd[13011]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:31 master sshd[13026]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:31 master sshd[13026]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:31 master sshd[13026]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:31 master sshd[13026]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:31 master sshd[13042]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:32 master sshd[13042]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:32 master sshd[13042]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:32 master sshd[13042]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:32 master sshd[13058]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:33 master sshd[13058]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:33 master sshd[13058]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:33 master sshd[13058]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:33 master sshd[13074]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:33 master sshd[13074]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:33 master sshd[13074]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:33 master sshd[13074]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:33 master sshd[13088]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:34 master sshd[13088]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:34 master sshd[13088]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:34 master sshd[13088]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:34 master sshd[13101]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:34 master sshd[13101]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:34 master sshd[13101]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:34 master sshd[13101]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:34 master sshd[13115]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:35 master sshd[13115]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:35 master sshd[13115]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:35 master sshd[13115]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:35 master sshd[13129]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:35 master sshd[13129]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:35 master sshd[13129]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:35 master sshd[13129]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:36 master sshd[13144]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:36 master sshd[13144]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:36 master sshd[13144]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:36 master sshd[13144]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:36 master sshd[13154]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:37 master sshd[13154]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:37 master sshd[13154]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:37 master sshd[13154]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:37 master sshd[13169]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:37 master sshd[13169]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:37 master sshd[13169]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:37 master sshd[13169]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:37 master sshd[13179]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:38 master sshd[13179]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:38 master sshd[13179]: Invalid user administrator from
200.56.224.8
Oct  1 18:54:38 master sshd[13179]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:38 master sshd[13189]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:38 master sshd[13189]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:38 master sshd[13189]: Invalid user administrator from
200.56.224.8
Oct  1 18:54:38 master sshd[13189]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:39 master sshd[13199]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:39 master sshd[13199]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:39 master sshd[13199]: Invalid user administrator from
200.56.224.8
Oct  1 18:54:39 master sshd[13199]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:39 master sshd[13209]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:40 master sshd[13209]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:40 master sshd[13209]: Invalid user administrator from
200.56.224.8
Oct  1 18:54:40 master sshd[13209]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:40 master sshd[13219]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:40 master sshd[13219]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:40 master sshd[13219]: Invalid user administrator from
200.56.224.8
Oct  1 18:54:40 master sshd[13219]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:40 master sshd[13229]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:41 master sshd[13229]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:41 master sshd[13229]: Invalid user administrator from
200.56.224.8
Oct  1 18:54:41 master sshd[13229]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:41 master sshd[13239]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:41 master sshd[13244]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:41 master sshd[13239]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:41 master sshd[13239]: Invalid user administrator from
200.56.224.8
Oct  1 18:54:41 master sshd[13239]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:41 master sshd[13253]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:42 master sshd[13244]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:42 master sshd[13244]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:42 master sshd[13244]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:42 master sshd[13262]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:42 master sshd[13253]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:42 master sshd[13253]: Invalid user administrator from
200.56.224.8
Oct  1 18:54:42 master sshd[13253]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:42 master sshd[13274]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:42 master sshd[13262]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:42 master sshd[13262]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:42 master sshd[13262]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:42 master sshd[13284]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:42 master sshd[13274]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:42 master sshd[13274]: Invalid user administrator from
200.56.224.8
Oct  1 18:54:42 master sshd[13274]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:43 master sshd[13294]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:43 master sshd[13284]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:43 master sshd[13284]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:43 master sshd[13284]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:43 master sshd[13303]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:43 master sshd[13294]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:43 master sshd[13294]: Invalid user administrator from
200.56.224.8
Oct  1 18:54:43 master sshd[13294]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:43 master sshd[13314]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:43 master sshd[13303]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:43 master sshd[13303]: Invalid user admin from 200.56.224.8
Oct  1 18:54:43 master sshd[13303]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:43 master sshd[13323]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:44 master sshd[13314]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:44 master sshd[13314]: Invalid user administrator from
200.56.224.8
Oct  1 18:54:44 master sshd[13314]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:44 master sshd[13334]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:44 master sshd[13323]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:44 master sshd[13323]: Invalid user miquelfi from 200.56.224.8
Oct  1 18:54:44 master sshd[13323]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:44 master sshd[13343]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:44 master sshd[13334]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:44 master sshd[13334]: Invalid user administrator from
200.56.224.8
Oct  1 18:54:44 master sshd[13334]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:44 master sshd[13354]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:45 master sshd[13343]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:45 master sshd[13343]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:45 master sshd[13343]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:45 master sshd[13364]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:45 master sshd[13354]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:45 master sshd[13354]: User _postfix from 200.56.224.8 not
allowed because not listed in AllowUsers
Oct  1 18:54:45 master sshd[13354]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:45 master sshd[13374]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:45 master sshd[13364]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:45 master sshd[13364]: User root from 200.56.224.8 not allowed
because listed in DenyUsers
Oct  1 18:54:45 master sshd[13364]: fatal: initgroups: NOUSER: No such file
or directory
Oct  1 18:54:45 master sshd[13393]: /etc/sshd_config line 70: Unsupported
option KerberosGetAFSToken
Oct  1 18:54:45 master sshd[13393]: refused connect from 200.56.224.8
Oct  1 18:54:45 master sshd[13374]: reverse mapping checking getaddrinfo for
ip-200-56-224-8-mty.marcatel.net.mx [200.56.224.8] failed - POSSIBLE
BREAK-IN ATTEMPT!
Oct  1 18:54:45 master sshd[13374]: User _postfix from 200.56.224.8 not
allowed because not listed in AllowUsers
Oct  1 18:54:45 master sshd[13374]: fatal: initgroups: NOUSER: No such file
or directory

Obviously, there are far more attempts here than there should be; my
threshold values are set to only allow 3 attempts at the maximum. Here is
the output of the Denyhosts log after a restart:

2008-10-02 08:07:12,549 - denyhosts   : INFO     DenyHosts launched with the
following args:
2008-10-02 08:07:12,549 - denyhosts   : INFO
/usr/local/bin/denyhosts.py --daemon
--config=/usr/share/denyhosts/denyhosts.cfg
2008-10-02 08:07:12,549 - prefs       : INFO     DenyHosts configuration
settings:
2008-10-02 08:07:12,549 - prefs       : INFO        ADMIN_EMAIL:
[EMAIL PROTECTED]
2008-10-02 08:07:12,549 - prefs       : INFO        AGE_RESET_INVALID:
[864000]
2008-10-02 08:07:12,550 - prefs       : INFO        AGE_RESET_RESTRICTED:
[2160000]
2008-10-02 08:07:12,550 - prefs       : INFO        AGE_RESET_ROOT:
[2160000]
2008-10-02 08:07:12,550 - prefs       : INFO        AGE_RESET_VALID:
[432000]
2008-10-02 08:07:12,550 - prefs       : INFO
ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
2008-10-02 08:07:12,550 - prefs       : INFO        BLOCK_SERVICE: [ALL]
2008-10-02 08:07:12,550 - prefs       : INFO        DAEMON_LOG:
[/var/log/denyhosts]
2008-10-02 08:07:12,550 - prefs       : INFO
DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s
%(message)s]
2008-10-02 08:07:12,550 - prefs       : INFO        DAEMON_LOG_TIME_FORMAT:
[None]
2008-10-02 08:07:12,551 - prefs       : INFO        DAEMON_PURGE: [600]
2008-10-02 08:07:12,551 - prefs       : INFO        DAEMON_SLEEP: [10]
2008-10-02 08:07:12,551 - prefs       : INFO        DENY_THRESHOLD_INVALID:
[3]
2008-10-02 08:07:12,551 - prefs       : INFO
DENY_THRESHOLD_RESTRICTED: [1]
2008-10-02 08:07:12,551 - prefs       : INFO        DENY_THRESHOLD_ROOT: [1]
2008-10-02 08:07:12,551 - prefs       : INFO        DENY_THRESHOLD_VALID:
[6]
2008-10-02 08:07:12,551 - prefs       : INFO        FAILED_ENTRY_REGEX:
[None]
2008-10-02 08:07:12,551 - prefs       : INFO        FAILED_ENTRY_REGEX2:
[None]
2008-10-02 08:07:12,552 - prefs       : INFO        FAILED_ENTRY_REGEX3:
[None]
2008-10-02 08:07:12,552 - prefs       : INFO        FAILED_ENTRY_REGEX4:
[None]
2008-10-02 08:07:12,552 - prefs       : INFO        FAILED_ENTRY_REGEX5:
[None]
2008-10-02 08:07:12,552 - prefs       : INFO        FAILED_ENTRY_REGEX6:
[None]
2008-10-02 08:07:12,552 - prefs       : INFO        FAILED_ENTRY_REGEX7:
[None]
2008-10-02 08:07:12,552 - prefs       : INFO        HOSTNAME_LOOKUP: [YES]
2008-10-02 08:07:12,552 - prefs       : INFO        HOSTS_DENY:
[/etc/hosts.deny]
2008-10-02 08:07:12,552 - prefs       : INFO        LOCK_FILE:
[/tmp/denyhosts.lock]
2008-10-02 08:07:12,553 - prefs       : INFO        PLUGIN_DENY: [None]
2008-10-02 08:07:12,553 - prefs       : INFO        PLUGIN_PURGE: [None]
2008-10-02 08:07:12,553 - prefs       : INFO        PURGE_DENY: [604800]
2008-10-02 08:07:12,553 - prefs       : INFO        PURGE_THRESHOLD: [2]
2008-10-02 08:07:12,553 - prefs       : INFO        RESET_ON_SUCCESS: [no]
2008-10-02 08:07:12,553 - prefs       : INFO        SECURE_LOG:
[/var/log/secure.log]
2008-10-02 08:07:12,553 - prefs       : INFO        SMTP_DATE_FORMAT: [%a,
%d %b %Y %H:%M:%S %z]
2008-10-02 08:07:12,553 - prefs       : INFO        SMTP_FROM: [DenyHosts
<xxx.xxx.com>]
2008-10-02 08:07:12,553 - prefs       : INFO        SMTP_HOST: [localhost]
2008-10-02 08:07:12,554 - prefs       : INFO        SMTP_PASSWORD: [None]
2008-10-02 08:07:12,554 - prefs       : INFO        SMTP_PORT: [25]
2008-10-02 08:07:12,554 - prefs       : INFO        SMTP_SUBJECT: [DenyHosts
Report]
2008-10-02 08:07:12,554 - prefs       : INFO        SMTP_USERNAME: [None]
2008-10-02 08:07:12,554 - prefs       : INFO        SSHD_FORMAT_REGEX:
[None]
2008-10-02 08:07:12,554 - prefs       : INFO        SUCCESSFUL_ENTRY_REGEX:
[None]
2008-10-02 08:07:12,554 - prefs       : INFO
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS: [YES]
2008-10-02 08:07:12,554 - prefs       : INFO        SYNC_DOWNLOAD: [yes]
2008-10-02 08:07:12,555 - prefs       : INFO
SYNC_DOWNLOAD_RESILIENCY: [18000]
2008-10-02 08:07:12,555 - prefs       : INFO        SYNC_DOWNLOAD_THRESHOLD:
[3]
2008-10-02 08:07:12,555 - prefs       : INFO        SYNC_INTERVAL: [3600]
2008-10-02 08:07:12,555 - prefs       : INFO        SYNC_SERVER: [None]
2008-10-02 08:07:12,555 - prefs       : INFO        SYNC_UPLOAD: [yes]
2008-10-02 08:07:12,555 - prefs       : INFO        SYSLOG_REPORT: [no]
2008-10-02 08:07:12,555 - prefs       : INFO        WORK_DIR:
[/usr/share/denyhosts/data]
2008-10-02 08:07:12,556 - denyhosts   : INFO     restricted: set([])
2008-10-02 08:07:12,557 - denyhosts   : INFO     launching DenyHosts daemon
(version 2.6)...
2008-10-02 08:07:12,561 - denyhosts   : INFO     DenyHosts daemon is now
running, pid: 7732
2008-10-02 08:07:12,562 - denyhosts   : INFO     send daemon process a TERM
signal to terminate cleanly
2008-10-02 08:07:12,562 - denyhosts   : INFO       eg.  kill -TERM 7732
2008-10-02 08:07:12,563 - denyhosts   : INFO     monitoring log:
/var/log/secure.log
2008-10-02 08:07:12,563 - denyhosts   : INFO     sync_time: 3600
2008-10-02 08:07:12,563 - denyhosts   : INFO     daemon_purge:      600
2008-10-02 08:07:12,563 - denyhosts   : INFO     daemon_sleep:      10
2008-10-02 08:07:12,564 - denyhosts   : INFO     purge_sleep_ratio: 60
2008-10-02 08:07:12,564 - denyhosts   : INFO     denyhosts synchronization
disabled

Any idea why sometimes the hacker gets many more attempts than they should?
-John



-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user

[Denyhosts-user] Denyhosts ignoring threshold?

Reply via email to