Hi all...
I installed denyhosts last night and it seems to be working. However, here is
something that I'm not sure about.
This is from the denyhosts.cfg file:
.......
SECURE_LOG = /var/log/messages
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_ROOT = 1
........
This is from the messages log:
May 29 10:34:29 dogbitescat sshd[19771]: Invalid user admin lovebia from 202.114.72.48
May 29 10:34:29 dogbitescat sshd[19771]: Failed password for invalid user admin lovebia from 202.114.72.48 port 38872 ssh2
May 29 10:34:32 dogbitescat sshd[19774]: Invalid user root lovebia from 202.114.72.48
May 29 10:34:32 dogbitescat sshd[19774]: Failed password for invalid user root lovebia from 202.114.72.48 port 39253 ssh2
May 29 10:34:35 dogbitescat sshd[19780]: Invalid user oracle lovebia from 202.114.72.48
May 29 10:34:35 dogbitescat sshd[19780]: Failed password for invalid user oracle lovebia from 202.114.72.48 port 39605 ssh2
May 29 10:34:39 dogbitescat sshd[19784]: Invalid user nagios lovebia from 202.114.72.48
May 29 10:34:39 dogbitescat sshd[19784]: error: Could not get shadow information for NOUSER
May 29 10:34:39 dogbitescat sshd[19784]: Failed password for invalid user nagios lovebia from 202.114.72.48 port 40002 ssh2
May 29 10:36:34 dogbitescat sshd[19834]: Failed password for root from 202.114.72.48 port 48157 ssh2
................................................................
May 29 10:53:09 dogbitescat sshd[21090]: Failed password for root from 202.114.72.48 port 50505 ssh2
May 29 10:53:12 dogbitescat sshd[21092]: Failed password for root from 202.114.72.48 port 51028 ssh2
May 29 10:53:16 dogbitescat sshd[21095]: Failed password for root from 202.114.72.48 port 51459 ssh2
................................................................
May 29 10:55:09 dogbitescat sshd[21189]: Failed password for root from 202.114.72.48 port 56868 ssh2
And this is from the denyhosts log:
2009-05-29 10:34:42,106 - denyhosts : INFO new denied hosts: ['202.114.72.48']
OK. Now my question is: if, according to the denyhosts log, the IP was added at
10:34:42, how come there are entries in the messages up till 10:55:09 for root
tries? There are a lot of tries, about 100 between 10:34:42 and 10:55:09. Why
is that?
Thanks....
_______________________________________________
Denyhosts-user mailing list
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
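One way to measure the gap described in the post: for each IP that the DenyHosts log reports as newly denied, list the sshd password failures that SECURE_LOG records after that moment. This is an added example, not part of the original message or of DenyHosts itself; the function names are hypothetical, the sample input is taken from the post's excerpts, and the syslog year is assumed to match the DenyHosts timestamp.

```python
import re
from datetime import datetime

# Sample input: lines quoted in the post (wrapped lines rejoined).
MESSAGES = """\
May 29 10:34:39 dogbitescat sshd[19784]: Failed password for invalid user nagios lovebia from 202.114.72.48 port 40002 ssh2
May 29 10:36:34 dogbitescat sshd[19834]: Failed password for root from 202.114.72.48 port 48157 ssh2
May 29 10:53:09 dogbitescat sshd[21090]: Failed password for root from 202.114.72.48 port 50505 ssh2
May 29 10:55:09 dogbitescat sshd[21189]: Failed password for root from 202.114.72.48 port 56868 ssh2
"""
DENYHOSTS = """\
2009-05-29 10:34:42,106 - denyhosts : INFO new denied hosts:
['202.114.72.48']
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"
DENY_RE = re.compile(r"^(\d{4}-\d\d-\d\d [\d:]{8}),\d+ - denyhosts\s*: INFO\s+new denied hosts:\s*(.*)$")
# Greedy ".*" binds to the LAST "from <ip> port": the user name is remote input.
FAIL_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from " + IP + r" port \d+")

def denied_at(denyhosts_log):
    """Map each IP to the first time the log reports it as newly denied."""
    denied, when = {}, None
    for line in denyhosts_log.splitlines():
        m = DENY_RE.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            line = m.group(2)
        elif re.match(r"\d{4}-\d\d-\d\d ", line):
            when = None  # a different log entry ends the (possibly wrapped) IP list
        if when:
            for ip in re.findall(IP, line):
                denied.setdefault(ip, when)
    return denied

def failures_after_deny(messages, denyhosts_log):
    """Return {ip: [timestamps]} of sshd failures logged after the IP was denied."""
    denied, late = denied_at(denyhosts_log), {}
    for line in messages.splitlines():
        m = FAIL_RE.match(line)
        if not m or m.group(2) not in denied:
            continue
        when = denied[m.group(2)]
        # Syslog timestamps carry no year; borrow it from the deny entry (assumption).
        seen = datetime.strptime(f"{m.group(1)} {when.year}", "%b %d %H:%M:%S %Y")
        if seen > when:
            late.setdefault(m.group(2), []).append(seen)
    return late

if __name__ == "__main__":
    for ip, hits in failures_after_deny(MESSAGES, DENYHOSTS).items():
        print(f"{ip}: {len(hits)} failures after deny, last at {hits[-1]}")
```

A non-empty result means sshd was still reaching password authentication for that address after the deny was logged.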