With all this talk about DenyHosts, I looked in my ssh log and saw several thousands of attempts at root logins from some Taiwanese IP last week. As a result, I took the time to install DenyHosts: I figured it'd be worth it, and right off the bat it blocked an attacking IP.
Great idea, until about 15 minutes ago, when I got this email: > From: DenyHosts <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Date: Tue, 20 Dec 2005 00:32:16 -0500 > Subject: DenyHosts Report > > Added the following hosts to /etc/hosts.deny: > > commune.crschmidt.net Okay, so chances are extremely good that I could fix this with better settings, but for now I've shut down the denyhosts daemon until I can figure out what I did wrong. I do see 3 failed password attempts in the last 1000 lines of auth.log, but with 3 of us at the house regularly using SSH, that's not out of the question. And I certainly don't want to wake up in the morning and find out that my ssh access is blocked :) -- Christopher Schmidt Web Developer
signature.asc
Description: Digital signature
