I have been running DenyHosts for about a few weeks now and it has more or
less done its job. But just recently I noticed on my daily logwatches
that a few IPs were not being denied. I set the maximum number of tries
for any user name to be 3. But my logs clearly show more tries coming from
IPs.
Example:
################### Logwatch 7.2.1 (01/18/06) ####################
Processing Initiated: Thu Sep 21 04:02:03 2006
Date Range Processed: yesterday
( 2006-Sep-20 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: kylesplace.org
##################################################################
--------------------- Selinux Audit Begin ------------------------
.......
..........
login:
Authentication Failures:
unknown (): 1 Time(s)
Invalid Users:
Unknown Account: 1 Time(s)
sshd:
Authentication Failures:
unknown (137.82.206.83): 13 Time(s)
root (64.34.105.116): 7 Time(s)
unknown (222.91.92.185): 3 Time(s)
unknown (host188-178-static.189-82-b.business.telecomitalia.it): 3 Time(s)
root (211.98.88.125): 1 Time(s)
Invalid Users:
Unknown Account: 19 Time(s)
Notice that one of the IPs (137.82.206.83) has 13 login failures. What's
up with that?
OK, now just in case, I would like to note that this is my first post in a
SourceForge mailing list or any mailing list for that matter. I hope it
went right.
_______________________________________________
Denyhosts-user mailing list
https://lists.sourceforge.net/lists/listinfo/denyhosts-user