On Fri, 26 Jan 2007, Kenneth Downs wrote: > problem in short, there is > an IP # that is already in /etc/hosts.deny, but yesterday this IP made 4940 > attempts to login to my box, > here is a few lines of logwatch. Also, denyhosts did not "notice" this or do > anything about it. > 65.208.188.105: 4940 times > root/password: 85 times > robert/password: 60 times > > > This suggests that sshd is not paying attention to /etc/hosts.deny?
/etc/hosts.allow 'beats' /etc/hosts.deny - an IP listed in both will be allowed to login. Make sure that the IP that's hitting you is not listed in hosts.allow. Additionally, are you sure denyhosts is running? What's the output of 'ps aux | grep denyhosts' from a command line? -- D ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
