Redirected to the list. -------- Original Message -------- Subject: Re: [Denyhosts-user] Removing a host Date: Wed, 19 Mar 2008 11:35:57 -0600 From: Slipp3d <[EMAIL PROTECTED]> To: René Berber <[EMAIL PROTECTED]> References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
René Berber wrote: > Joop Beris wrote: > > [snip] > >>>> - Stop the denyhosts daemon. >>>> - Remove the host from /etc/hosts.deny >>>> - Added the host to /[WORK-DIR]/allowed-hosts >>>> - Removed the host from all other files in /[WORK-DIR] >>>> - Removed the offending lines from the syslog so it would not be picked >>>> up again by denyhosts >>>> >>> This step may be the problem: if you manually change the log file >>> denyhosts detects that it changed and scans it again. >>> >> If I did not do this step, Denyhosts would pick up the IP address again >> from /var/log/messages, where my syslog leaves its logging. At least, that >> is >> what I thought. >> Also, with this host no longer being IN /var/log/messages, after starting >> the >> Denyhosts daemon, how did Denyhosts pick the IP address up again? I think >> the >> above steps get rid of any trace that this host was/should be blocked? >> >> >>>> - Started the denyhosts daemon >>>> >>> Where did you see the step that changes the log? If it is in the FAQ, I >>> think it should be corrected. >>> >> It's not in the FAQ. >> After I did it the FAQ way, the IP address got dumped back in >> /etc/hosts.deny >> almost right away. The only way that was possible, or so I thought, was if >> Denyhosts re-scanned /var/log/messages, discovered the IP and blocked it >> again. So I followed the FAQ again and removed the lines >> from /var/log/messages. >> >> So without the IP address being present in /var/log/messages, and without >> the >> IP address being present in any file in the work-dir EXCEPT allowed-hosts, >> how did the host get added back to /etc/hosts.deny?? Any thoughts? >> > > Yes, you are reporting 3 different problems : > > 1) Adding the IP to allowed-hosts didn't prevent it from being > black-listed again. > > 2) Deleting the IP from all work files, after stoping DH, didn't prevent > the IP from being added. > > 3) Deleting the IP from the log ... same problem. > > One explanation to the last 2 problems is that the IP got added to the > sync server and you are receiving it again and again. If you show the > IP, or at least the last 2 octets, we could search our local list and > see if it is there. Are you sync-ing at all? > > Another, also partial, explanation could be that you are starting DH > with an option that causes it to re-scan the log. That could be -debug > or --ignore. Of course that doesn't explain (3). > > I don't have an explanation for problem (1) other than you have a > problem with permissions (DH can't read the allowed-hosts file), syntax > (the name of the file or its contents)... you could check those problems > in DH's log, when it starts it shows exactly the options it is using, > including what it found in that file. > I think that is what happened to my ip(got added to the sync server so I had to stop using it the sync server and tighten up the configs. -- René Berber ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
