I have denyhosts installed and running, and it is getting IP addresses via the 
sync server:

2010-08-18 18:14:50,219 - denyfileutil: INFO     num entries purged: 10
2010-08-18 18:14:50,221 - denyfileutil: INFO     num entries purged: 10
2010-08-18 18:14:50,769 - sync        : INFO     received 50 new hosts
2010-08-18 18:14:50,769 - sync        : INFO     received 50 new hosts
2010-08-18 18:14:50,839 - denyhosts   : INFO     received new hosts: 

(yes, every line in the log is duplicated)

But it does not appear to be getting any of the hundreds of thousands of sshd 
attempts that are hitting my server from Chinese and Korean &#$^%*s.

I tried to look through the denyhosts files to see what the pattern it uses is, 
but I didn't find it.

The lines in secure.log look like:

Aug 18 18:37:12 cerebus sshd[9612]: Invalid user share from 65.164.153.141
Aug 18 18:37:15 cerebus sshd[9615]: Invalid user share from 65.164.153.141
Aug 18 18:37:19 cerebus sshd[9625]: Invalid user share from 65.164.153.141
Aug 18 18:37:22 cerebus sshd[9630]: Invalid user test03 from 65.164.153.141
Aug 18 18:37:26 cerebus sshd[9634]: Invalid user test03 from 65.164.153.141
Aug 18 18:37:29 cerebus sshd[9637]: Invalid user test03 from 65.164.153.141
Aug 18 18:37:33 cerebus sshd[9649]: Invalid user test03 from 65.164.153.141
Aug 18 18:37:36 cerebus sshd[9652]: Invalid user tested from 65.164.153.141
Aug 18 18:37:40 cerebus sshd[9655]: Invalid user tested from 65.164.153.141
Aug 18 18:37:43 cerebus sshd[9667]: Invalid user tested from 65.164.153.141
Aug 18 18:37:47 cerebus sshd[9670]: Invalid user tested from 65.164.153.141


-- 
I DO NOT HAVE DIPLOMATIC IMMUNITY Bart chalkboard Ep. 9F20
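
Added example, not part of the original message and not DenyHosts' own code: a stand-alone check that lines in the secure.log format shown above can be parsed and tallied per source address. The regular expression, the function names and the threshold of 5 are assumptions made for this example, and the last two sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: first six lines follow the secure.log excerpt above;
# the last two are made up (a username containing " from <ip>", and a success).
SAMPLE = """\
Aug 18 18:37:12 cerebus sshd[9612]: Invalid user share from 65.164.153.141
Aug 18 18:37:15 cerebus sshd[9615]: Invalid user share from 65.164.153.141
Aug 18 18:37:19 cerebus sshd[9625]: Invalid user share from 65.164.153.141
Aug 18 18:37:22 cerebus sshd[9630]: Invalid user test03 from 65.164.153.141
Aug 18 18:37:26 cerebus sshd[9634]: Invalid user test03 from 65.164.153.141
Aug 18 18:37:29 cerebus sshd[9637]: Invalid user test03 from 65.164.153.141
Aug 18 18:38:01 cerebus sshd[9700]: Invalid user a from 192.0.2.10 from 203.0.113.7
Aug 18 18:38:05 cerebus sshd[9701]: Accepted publickey for alice from 198.51.100.4 port 50022 ssh2
"""

# Assumed pattern written for this example (not taken from DenyHosts).
# Anchored at both ends with a greedy username, so the address is always the
# last "from <ip>" on the line, which is the part sshd itself writes.
LINE_RE = re.compile(
    r"^\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \S+ sshd\[\d+\]: "
    r"(?:Invalid|Illegal) user (?P<user>.*) "
    r"from (?:::ffff:)?(?P<src>[0-9A-Fa-f:.]+)(?: port \d+)?$"
)

def parse_line(line):
    """Return (user, source_ip) for an invalid-user line, else None."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    try:
        src = ipaddress.ip_address(m.group("src"))  # reject non-addresses
    except ValueError:
        return None
    return m.group("user"), str(src)

def offenders(lines, threshold=5):
    """Map source IP -> count for hosts with at least `threshold` hits."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            counts[parsed[1]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(offenders(SAMPLE.splitlines()))
```

The constructed line with two "from" clauses shows why the pattern is anchored to the end of the line: the username is remote input, so only the final address can be trusted as the source.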

