This appears to be a harmless error thought on the archives i saw 2 people using debian where denyhost did not block the attacker in my case i see discrepancies between my var/log/messages and denyhost log
denyhost log: 2007-07-16 17:54:50,839 - denyhosts : ERROR regex pattern ( User (?P<user>.*) not allowed because not listed in AllowUsers ) is missing 'host' group line repeats 5 more times and then 2007-07-16 17:54:50,919 - denyhosts : INFO new denied hosts: ['210.13.124.20'] here is entry in /var/log/messages Jul 16 17:54:21 pepino sshd[22196]: User nobody from 210.13.124.20 not allowed because not listed in AllowUsers Jul 16 17:54:21 pepino sshd[22196]: Failed password for invalid user nobody from 210.13.124.20 port 34831 ssh2 Jul 16 17:54:23 pepino sshd[22198]: Invalid user patrick from 210.13.124.20 Jul 16 17:54:23 pepino sshd[22198]: Failed password for invalid user patrick from 210.13.124.20 port 34913 ssh2 Jul 16 17:54:26 pepino sshd[22200]: Invalid user patrick from 210.13.124.20 Jul 16 17:54:26 pepino sshd[22200]: Failed password for invalid user patrick from 210.13.124.20 port 34992 ssh2 Jul 16 17:54:29 pepino sshd[22202]: User root from 210.13.124.20 not allowed because not listed in AllowUsers Jul 16 17:54:29 pepino sshd[22202]: Failed password for invalid user root from 210.13.124.20 port 35074 ssh2 Jul 16 17:54:31 pepino sshd[22204]: User root from 210.13.124.20 not allowed because not listed in AllowUsers Jul 16 17:54:31 pepino sshd[22204]: Failed password for invalid user root from 210.13.124.20 port 35159 ssh2 Jul 16 17:54:34 pepino sshd[22206]: User root from 210.13.124.20 not allowed because not listed in AllowUsers Jul 16 17:54:34 pepino sshd[22206]: Failed password for invalid user root from 210.13.124.20 port 35236 ssh2 Jul 16 17:54:37 pepino sshd[22208]: User root from 210.13.124.20 not allowed because not listed in AllowUsers Jul 16 17:54:37 pepino sshd[22208]: Failed password for invalid user root from 210.13.124.20 port 35316 ssh2 Jul 16 17:54:39 pepino sshd[22210]: User root from 210.13.124.20 not allowed because not listed in AllowUsers Jul 16 17:54:39 pepino sshd[22210]: Failed password for invalid user root from 210.13.124.20 port 35399 ssh2 Jul 16 17:54:42 pepino sshd[22212]: Invalid user rolo from 210.13.124.20 Jul 16 17:54:42 pepino sshd[22212]: Failed password for invalid user rolo from 210.13.124.20 port 35472 ssh2 Jul 16 17:54:44 pepino sshd[22214]: Invalid user iceuser from 210.13.124.20 Jul 16 17:54:44 pepino sshd[22214]: Failed password for invalid user iceuser from 210.13.124.20 port 35554 ssh2 Jul 16 17:54:47 pepino sshd[22216]: Invalid user horde from 210.13.124.20 Jul 16 17:54:47 pepino sshd[22216]: Failed password for invalid user horde from 210.13.124.20 port 35631 ssh2 Jul 16 17:54:50 pepino sshd[22218]: Invalid user cyrus from 210.13.124.20 Jul 16 17:54:50 pepino sshd[22218]: Failed password for invalid user cyrus from 210.13.124.20 port 35714 ssh2 Jul 16 17:54:50 pepino denyhosts: Added the following hosts to /etc/hosts.deny - 210.13.124.20 (unknown) Jul 16 17:54:51 pepino clamd[3184]: SelfCheck: Database status OK. Jul 16 17:54:52 pepino sshd[22220]: Invalid user www from 210.13.124.20 Jul 16 17:54:52 pepino sshd[22220]: Failed password for invalid user www from 210.13.124.20 port 35785 ssh2 i also see the ip in /etc/hosts.deny. so it appears in my case denyhost dealt with the attacker, so what does that error mean >>>>>> 2007-07-16 17:54:50,839 - denyhosts : ERROR regex pattern ( User (?P<user>.*) not allowed because not listed in AllowUsers ) is missing 'host' group thanks, this is my second day using denyhost looked thru faq and docs and archieve and did not get a clear indication of what is error.... using slackware 12 OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007 Python 2.5.1 ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
