Robert T Wyatt wrote:
> Two questions: 1) you never told us the output of: 'ps aux | grep
> denyhosts' and 2)

Right, here you go:

root 5756 4.1 1.9 20512 17964 ? S 09:11 2:13 /usr/bin/python /usr/bin/denyhosts --daemon -c /etc/denyhosts.conf
root 6138 0.0 0.0 1404 460 pts/321 S+ 10:05 0:00 grep --colour=auto denyhosts

> how do you reckon the offending IP got into hosts.deny
> (through syncing or detection)?

I believe the IP got in through the initial startup of denyhosts. When
I installed denyhosts, I went with the default config to start, which
does not use syncing. Also, hosts.deny did not exist on the server.
When I ran it for the first time:
/etc/init.d/denyhosts start (on a Gentoo system)
it took a considerable amount of time for the cursor to return (like 10
minutes), and then I had this big fat /etc/hosts.deny, which included my
own IP! That's when I put myself into hosts.allow.
This morning, when I noticed the attack, I searched hosts.deny and saw
that this IP # was comfortably in the middle of the list, further
suggesting it is not a recent entry.

--
Kenneth Downs
http://www.secdat.com
_______________________________________________
Denyhosts-user mailing list
https://lists.sourceforge.net/lists/listinfo/denyhosts-user