Hello Douga,
What is your DAEMON_SLEEP setting?
What does this show:
grep "root - 202.114.72.48" WORK_DIR/users-hosts
(where WORK_DIR is the path of your WORK_DIR DH setting)
Regards,
Phil
On Fri, 29 May 2009, Douga Shmiffizeck wrote:
>
> hi all...
>
> i installed denyhosts last night and it seems to be working. however here is
> something that i'm not sure about.
>
> this is from the denyhosts.cfg file:
> .......
> SECURE_LOG = /var/log/messages
> DENY_THRESHOLD_INVALID = 5
> DENY_THRESHOLD_ROOT = 1
> ........
>
>
> this is from the messages log:
>
> May 29 10:34:29 dogbitescat sshd[19771]: Invalid user admin lovebia from
> 202.114.72.48
> May 29 10:34:29 dogbitescat sshd[19771]: Failed password for invalid user
> admin lovebia from 202.114.72.48 port 38872 ssh2
> May 29 10:34:32 dogbitescat sshd[19774]: Invalid user root lovebia from
> 202.114.72.48
> May 29 10:34:32 dogbitescat sshd[19774]: Failed password for invalid user
> root lovebia from 202.114.72.48 port 39253 ssh2
> May 29 10:34:35 dogbitescat sshd[19780]: Invalid user oracle lovebia from
> 202.114.72.48
> May 29 10:34:35 dogbitescat sshd[19780]: Failed password for invalid user
> oracle lovebia from 202.114.72.48 port 39605 ssh2
> May 29 10:34:39 dogbitescat sshd[19784]: Invalid user nagios lovebia from
> 202.114.72.48
> May 29 10:34:39 dogbitescat sshd[19784]: error: Could not get shadow
> information for NOUSER
> May 29 10:34:39 dogbitescat sshd[19784]: Failed password for invalid user
> nagios lovebia from 202.114.72.48 port 40002 ssh2
> May 29 10:36:34 dogbitescat sshd[19834]: Failed password for root from
> 202.114.72.48 port 48157 ssh2
> ................................................................
> May 29 10:53:09 dogbitescat sshd[21090]: Failed password for root from
> 202.114.72.48 port 50505 ssh2
> May 29 10:53:12 dogbitescat sshd[21092]: Failed password for root from
> 202.114.72.48 port 51028 ssh2
> May 29 10:53:16 dogbitescat sshd[21095]: Failed password for root from
> 202.114.72.48 port 51459 ssh2
> ................................................................
> May 29 10:55:09 dogbitescat sshd[21189]: Failed password for root from
> 202.114.72.48 port 56868 ssh2
>
>
> and this is from the denyhosts log:
> 2009-05-29 10:34:42,106 - denyhosts : INFO new denied hosts:
> ['202.114.72.48']
>
>
> ok. now my question is if according to the denyhosts log the ip was added at
> 10:34:42 how come there is entries in the messages up till 10:55:09 for root
> tries? there are a lot of tries. about 100 between 10:34:42 and 10:55:09. why
> is that?
>
> thanks....
>
>
>
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
> is a gathering of tech-side developers & brand creativity professionals. Meet
> the minds behind Google Creative Lab, Visual Complexity, Processing, &
> iPhoneDevCamp as they present alongside digital heavyweights like Barbarian
> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
> _______________________________________________
> Denyhosts-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/denyhosts-user
>
--
Regards,
Phil Schwartz
- http://www.phil-schwartz.com
Open Source Projects:
- DenyHosts: http://www.denyhosts.net
- Kodos: http://kodos.sourceforge.net
- ReleaseForge: http://releaseforge.sourceforge.net
- Scratchy: http://scratchy.sourceforge.net
- FAQtor: http://faqtor.sourceforge.net
------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, &
iPhoneDevCamp as they present alongside digital heavyweights like Barbarian
Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
