Hello,

I receive a lot of new hosts multiple times from
xmlrpc.denyhosts.net:9911. For instance if I take a random IP, such as
173.0.61.101, and look in the log, it appears on several lines:

> $ grep 173.0.61.101 /var/log/denyhosts
> 2011-02-20 09:20:50,412 - denyhosts   : INFO     received new hosts: 
> ['72.167.46.77', '116.55.227.91', '124.42.35.72', '86.109.98.130', 
> '41.223.216.49', '219.238.94.17', '121.14.118.4', '221.8.71.48', 
> '173.201.28.6', '203.28.51.14', '88.191.133.70', '98.129.251.69', 
> '180.210.206.138', '212.50.120.177', '205.209.97.101', '173.0.61.101', 
> '188.138.38.170', '204.15.133.133', '200.98.216.4', '208.43.7.210']
> 2011-02-20 11:21:08,155 - denyhosts   : INFO     received new hosts: 
> ['189.52.199.54', '218.85.133.204', '222.222.194.187', '58.137.188.100', 
> '141.41.33.199', '85.25.153.113', '210.245.166.74', '76.92.229.72', 
> '61.187.56.27', '217.199.164.242', '200.71.9.10', '203.199.194.81', 
> '60.191.165.58', '212.50.120.177', '205.209.97.101', '173.0.61.101', 
> '121.8.210.61', '211.241.149.51', '188.138.38.170', '204.15.133.133', 
> '121.10.243.21', '84.10.59.161', '81.174.67.200', '203.113.137.188', 
> '80.191.111.100', '124.248.35.109', '72.167.46.77', '41.141.56.18']
> 2011-02-20 23:33:36,578 - denyhosts   : INFO     received new hosts: 
> ['201.76.60.99', '218.57.146.140', '59.148.239.204', '79.14.218.125', 
> '46.109.161.196', '202.155.33.134', '203.28.51.14', '188.132.221.188', 
> '109.203.102.139', '218.108.249.44', '121.14.195.176', '195.84.48.29', 
> '186.19.241.67', '124.228.136.143', '80.82.20.177', '190.2.31.57', 
> '212.50.120.177', '205.209.97.101', '173.0.61.101', '87.106.63.254', 
> '189.126.6.49', '188.138.38.170', '184.154.127.206', '69.57.166.69', 
> '218.91.46.202', '85.189.11.138', '195.97.219.13', '178.63.120.181', 
> '82.200.168.242', '46.20.5.55', '210.240.60.130', '87.236.136.35', 
> '187.45.193.137', '195.222.51.21', '88.191.133.70', '194.0.159.110', 
> '81.57.183.148', '88.46.67.250', '211.156.177.84', '217.172.179.128', 
> '188.127.231.236', '61.7.235.213', '38.98.172.154']
> 2011-02-21 00:38:47,508 - denyhosts   : INFO     received new hosts: 
> ['70.25.110.130', '222.87.184.178', '46.20.5.55', '122.193.26.122', 
> '186.42.174.229', '218.206.224.134', '74.208.205.172', '86.98.82.203', 
> '200.186.223.137', '182.61.128.39', '203.28.51.14', '213.4.113.215', 
> '41.203.119.18', '119.245.190.243', '122.146.40.72', '61.180.240.17', 
> '140.113.88.231', '218.203.218.45', '88.191.133.70', '202.27.218.75', 
> '88.46.67.250', '87.106.63.254', '120.199.64.54', '204.51.171.163', 
> '195.242.247.91', '212.50.120.177', '205.209.97.101',  173.0.61.101', 
> '188.138.38.170', '204.15.133.133', '184.154.127.206', '217.127.74.9', 
> '38.98.172.154', '203.90.136.76', '121.243.126.98', '58.180.17.52']
> 2011-02-21 01:08:51,730 - denyhosts   : INFO     received new hosts: 
> ['187.45.234.250', '173.0.61.101', '188.138.38.170', '184.154.127.206', 
> '211.156.177.84', '78.36.40.52', '121.14.2.165', '59.173.18.122', 
> '211.229.157.179', '217.172.179.128', '24.38.98.116', '210.19.140.170', 
> '81.57.183.148', '88.191.133.70', '109.203.102.139', '212.110.161.140', 
> '180.168.49.101', '85.114.141.142', '202.43.147.210', '203.28.51.14', 
> '202.126.35.133', '200.21.232.166', '189.62.62.91', '82.109.248.6', 
> '208.89.209.141', '86.106.82.47', '221.238.253.85']
> 2011-02-21 01:23:53,917 - denyhosts   : INFO     received new hosts: 
> ['76.92.229.72', '212.50.120.177', '205.209.97.101', '173.0.61.101', 
> '188.138.38.170', '121.243.126.98', '184.154.127.206', '217.172.179.128', 
> '200.170.171.221', '200.71.9.10', '189.114.67.66', '202.41.0.4', 
> '201.52.140.54', '187.45.234.250', '195.242.247.91', '194.0.159.110', 
> '60.213.44.50', '85.217.190.69', '114.80.100.241', '121.10.243.21', 
> '213.17.201.50']
> 2011-02-21 02:14:01,534 - denyhosts   : INFO     received new hosts: 
> ['173.0.61.101', '66.183.4.21', '188.138.38.170', '204.15.133.133', 
> '184.154.127.206', '193.137.203.231', '203.229.186.240', '188.96.66.148', 
> '121.10.243.21', '203.28.51.14', '202.65.223.245', '218.108.0.77', 
> '119.188.7.166', '158.49.245.102', '114.80.100.241', '212.88.122.130', 
> '67.215.230.239', '221.122.22.78', '218.14.203.205', '88.191.133.70', 
> '208.43.99.198', '124.232.137.163', '66.11.123.195', '200.234.197.163', 
> '187.45.234.250', '46.109.161.196']

However it appears only once in /etc/hosts.deny:

> $ grep 173.0.61.101 /etc/hosts.deny
> # DenyHosts: Wed Feb 16 16:56:17 2011 | sshd: 173.0.61.101
> sshd: 173.0.61.101

Every IP is duplicated on many "received new hosts". It is not purged
between two receptions. I expect I should get each host only once…

Is it due to my configuration file or something else? Is it normal? I
have the following variables on an Ubuntu 10.04.2 box:

> SECURE_LOG = /var/log/auth.log
> HOSTS_DENY = /etc/hosts.deny
> PURGE_DENY = 1w
> PURGE_THRESHOLD = 2
> BLOCK_SERVICE  = sshd
> DENY_THRESHOLD_INVALID = 3
> DENY_THRESHOLD_VALID = 5
> DENY_THRESHOLD_ROOT = 1
> DENY_THRESHOLD_RESTRICTED = 1
> WORK_DIR = /var/lib/denyhosts
> SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
> HOSTNAME_LOOKUP=YES
> LOCK_FILE = /var/run/denyhosts.pid
> ADMIN_EMAIL = root@localhost
> SMTP_HOST = localhost
> SMTP_PORT = 25
> SMTP_FROM = DenyHosts <nobody@localhost>
> SMTP_SUBJECT = DenyHosts Report
> AGE_RESET_VALID=5d
> AGE_RESET_ROOT=25d
> AGE_RESET_RESTRICTED=25d
> AGE_RESET_INVALID=10d
> DAEMON_LOG = /var/log/denyhosts
> DAEMON_SLEEP = 30s
> DAEMON_PURGE = 1h
> SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
> SYNC_INTERVAL = 5m
> SYNC_UPLOAD = yes
> SYNC_DOWNLOAD = yes
> SYNC_DOWNLOAD_THRESHOLD = 3


Regards,
Xavier Robin

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Denyhosts-user mailing list
Denyhosts-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/denyhosts-user

Reply via email to