Since my first post has gone *puf*... I'm a longtime user of DenyHosts. I recently installed a new server, running FreeBSD 7.0 on it, and installed DenyHosts 2.6. I chose to do the install where it reads /etc/hosts.deniedssh:
/etc/hosts.allow lines:

# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny
sshd : /etc/hosts.deniedssh : deny
sshd : ALL : allow

/etc/hosts.deniedssh:

# DenyHosts: Wed May 7 14:24:14 2008 | 165.98.145.4
165.98.145.4
# DenyHosts: Wed May 7 14:24:14 2008 | 211.75.27.90
211.75.27.90
# DenyHosts: Wed May 7 14:24:14 2008 | 220.189.211.130
220.189.211.130
# DenyHosts: Wed May 7 14:24:14 2008 | 218.21.129.118
218.21.129.118
(etcetc)

Perms:

# ls -l /etc/hosts.*
-rw-r--r-- 1 root wheel 3401 Mar 30 05:09 /etc/hosts.allow
-rw-r--r-- 1 root wheel 150646 May 12 13:36 /etc/hosts.deniedssh
-rw-r--r-- 1 root wheel 149568 May 12 13:36 /etc/hosts.deniedssh.purge.bak

But, it doesn't seem to be blocking anything. Daily, my security logs show multiple dictionary attacks:

May 11 04:38:13 caduceus sshd[60547]: Failed password for invalid user admin from 124.30.164.50 port 54365 ssh2
May 11 04:38:20 caduceus sshd[60551]: Failed password for invalid user stud from 124.30.164.50 port 54552 ssh2
May 11 04:38:23 caduceus sshd[60553]: Failed password for invalid user trash from 124.30.164.50 port 54631 ssh2
May 11 04:38:26 caduceus sshd[60555]: Failed password for invalid user aaron from 124.30.164.50 port 54723 ssh2
May 11 04:38:29 caduceus sshd[60557]: Failed password for invalid user gt05 from 124.30.164.50 port 54811 ssh2
May 11 04:38:32 caduceus sshd[60559]: Failed password for invalid user william from 124.30.164.50 port 54882 ssh2
May 11 04:38:36 caduceus sshd[60561]: Failed password for invalid user stephanie from 124.30.164.50 port 54960 ssh2

denyhosts.conf:

SECURE_LOG = /var/log/auth.log
HOSTS_DENY = /etc/hosts.deniedssh
PURGE_DENY = 5d
BLOCK_SERVICE =
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /usr/local/share/denyhosts/data
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=NO
LOCK_FILE = /var/run/denyhosts.pid
ADMIN_EMAIL = [EMAIL PROTECTED]
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <[EMAIL PROTECTED]>
SMTP_SUBJECT = DenyHosts Report
SYSLOG_REPORT=YES
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1
SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
SYNC_INTERVAL = 1h
SYNC_UPLOAD = yes
SYNC_DOWNLOAD = yes
SYNC_DOWNLOAD_THRESHOLD = 3
SYNC_DOWNLOAD_RESILIENCY = 5h

Any help would be greatly appreciated. Thanks in advance!

Best,
--Glenn

--
...destination is merely a byproduct of the journey --Eric Hansen

_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
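
An added example (not part of the original post, and not DenyHosts code): a cross-check of the deny file against auth.log that separates the two ways the setup above can fail, listed addresses that still reach sshd password authentication (the wrapper rule is not being applied) versus addresses over DENY_THRESHOLD_INVALID that were never listed (DenyHosts is not recording them). The sample data is constructed in the post's formats; the year argument (syslog lines carry none) and the "more than the threshold" comparison are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

DENY_THRESHOLD_INVALID = 5  # value from the posted denyhosts.conf

# Constructed sample data in the post's formats (192.0.2.0/24 is a documentation range).
HOSTS_DENIED = """\
# DenyHosts: Wed May 7 14:24:14 2008 | 192.0.2.10
192.0.2.10
"""
AUTH_LOG = """\
May 11 04:38:13 caduceus sshd[60547]: Failed password for invalid user admin from 192.0.2.10 port 54365 ssh2
May 11 04:38:20 caduceus sshd[60551]: Failed password for invalid user stud from 192.0.2.10 port 54552 ssh2
""" + "".join(
    f"May 11 05:00:0{i} caduceus sshd[6100{i}]: Failed password for invalid user u{i} from 192.0.2.77 port 4000{i} ssh2\n"
    for i in range(6))

DENY_RE = re.compile(r"^# DenyHosts: (.+?) \| (\S+)$")
FAIL_RE = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ sshd\[\d+\]: Failed password for invalid user \S+ from (\S+) port")

def denied_since(text):
    """Map each denied IP to the time in its '# DenyHosts:' comment line."""
    out = {}
    for line in text.splitlines():
        m = DENY_RE.match(line)
        if m:
            out[m.group(2)] = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
    return out

def audit(log, deny_text, year):
    """Return (listed IPs that still reached sshd, IPs over threshold but unlisted)."""
    denied = denied_since(deny_text)
    leaked, fails = set(), Counter()
    for line in log.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        fails[ip] += 1
        if ip in denied and when > denied[ip]:  # failure logged after the deny entry
            leaked.add(ip)
    # Assumption: a host is denied once its failures exceed the threshold.
    unlisted = {ip for ip, n in fails.items() if n > DENY_THRESHOLD_INVALID and ip not in denied}
    return leaked, unlisted

if __name__ == "__main__":
    print(audit(AUTH_LOG, HOSTS_DENIED, 2008))
```
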
