Hello, I receive a lot of new hosts multiple times from xmlrpc.denyhosts.net:9911. For instance if I take a random IP, such as 173.0.61.101, and look in the log, it appears on several lines:
> $ grep 173.0.61.101 /var/log/denyhosts > 2011-02-20 09:20:50,412 - denyhosts : INFO received new hosts: > ['72.167.46.77', '116.55.227.91', '124.42.35.72', '86.109.98.130', > '41.223.216.49', '219.238.94.17', '121.14.118.4', '221.8.71.48', > '173.201.28.6', '203.28.51.14', '88.191.133.70', '98.129.251.69', > '180.210.206.138', '212.50.120.177', '205.209.97.101', '173.0.61.101', > '188.138.38.170', '204.15.133.133', '200.98.216.4', '208.43.7.210'] > 2011-02-20 11:21:08,155 - denyhosts : INFO received new hosts: > ['189.52.199.54', '218.85.133.204', '222.222.194.187', '58.137.188.100', > '141.41.33.199', '85.25.153.113', '210.245.166.74', '76.92.229.72', > '61.187.56.27', '217.199.164.242', '200.71.9.10', '203.199.194.81', > '60.191.165.58', '212.50.120.177', '205.209.97.101', '173.0.61.101', > '121.8.210.61', '211.241.149.51', '188.138.38.170', '204.15.133.133', > '121.10.243.21', '84.10.59.161', '81.174.67.200', '203.113.137.188', > '80.191.111.100', '124.248.35.109', '72.167.46.77', '41.141.56.18'] > 2011-02-20 23:33:36,578 - denyhosts : INFO received new hosts: > ['201.76.60.99', '218.57.146.140', '59.148.239.204', '79.14.218.125', > '46.109.161.196', '202.155.33.134', '203.28.51.14', '188.132.221.188', > '109.203.102.139', '218.108.249.44', '121.14.195.176', '195.84.48.29', > '186.19.241.67', '124.228.136.143', '80.82.20.177', '190.2.31.57', > '212.50.120.177', '205.209.97.101', '173.0.61.101', '87.106.63.254', > '189.126.6.49', '188.138.38.170', '184.154.127.206', '69.57.166.69', > '218.91.46.202', '85.189.11.138', '195.97.219.13', '178.63.120.181', > '82.200.168.242', '46.20.5.55', '210.240.60.130', '87.236.136.35', > '187.45.193.137', '195.222.51.21', '88.191.133.70', '194.0.159.110', > '81.57.183.148', '88.46.67.250', '211.156.177.84', '217.172.179.128', > '188.127.231.236', '61.7.235.213', '38.98.172.154'] > 2011-02-21 00:38:47,508 - denyhosts : INFO received new hosts: > ['70.25.110.130', '222.87.184.178', '46.20.5.55', '122.193.26.122', > '186.42.174.229', '218.206.224.134', '74.208.205.172', '86.98.82.203', > '200.186.223.137', '182.61.128.39', '203.28.51.14', '213.4.113.215', > '41.203.119.18', '119.245.190.243', '122.146.40.72', '61.180.240.17', > '140.113.88.231', '218.203.218.45', '88.191.133.70', '202.27.218.75', > '88.46.67.250', '87.106.63.254', '120.199.64.54', '204.51.171.163', > '195.242.247.91', '212.50.120.177', '205.209.97.101', 173.0.61.101', > '188.138.38.170', '204.15.133.133', '184.154.127.206', '217.127.74.9', > '38.98.172.154', '203.90.136.76', '121.243.126.98', '58.180.17.52'] > 2011-02-21 01:08:51,730 - denyhosts : INFO received new hosts: > ['187.45.234.250', '173.0.61.101', '188.138.38.170', '184.154.127.206', > '211.156.177.84', '78.36.40.52', '121.14.2.165', '59.173.18.122', > '211.229.157.179', '217.172.179.128', '24.38.98.116', '210.19.140.170', > '81.57.183.148', '88.191.133.70', '109.203.102.139', '212.110.161.140', > '180.168.49.101', '85.114.141.142', '202.43.147.210', '203.28.51.14', > '202.126.35.133', '200.21.232.166', '189.62.62.91', '82.109.248.6', > '208.89.209.141', '86.106.82.47', '221.238.253.85'] > 2011-02-21 01:23:53,917 - denyhosts : INFO received new hosts: > ['76.92.229.72', '212.50.120.177', '205.209.97.101', '173.0.61.101', > '188.138.38.170', '121.243.126.98', '184.154.127.206', '217.172.179.128', > '200.170.171.221', '200.71.9.10', '189.114.67.66', '202.41.0.4', > '201.52.140.54', '187.45.234.250', '195.242.247.91', '194.0.159.110', > '60.213.44.50', '85.217.190.69', '114.80.100.241', '121.10.243.21', > '213.17.201.50'] > 2011-02-21 02:14:01,534 - denyhosts : INFO received new hosts: > ['173.0.61.101', '66.183.4.21', '188.138.38.170', '204.15.133.133', > '184.154.127.206', '193.137.203.231', '203.229.186.240', '188.96.66.148', > '121.10.243.21', '203.28.51.14', '202.65.223.245', '218.108.0.77', > '119.188.7.166', '158.49.245.102', '114.80.100.241', '212.88.122.130', > '67.215.230.239', '221.122.22.78', '218.14.203.205', '88.191.133.70', > '208.43.99.198', '124.232.137.163', '66.11.123.195', '200.234.197.163', > '187.45.234.250', '46.109.161.196'] However it appears only once in /etc/hosts.deny: > $ grep 173.0.61.101 /etc/hosts.deny > # DenyHosts: Wed Feb 16 16:56:17 2011 | sshd: 173.0.61.101 > sshd: 173.0.61.101 Every IP is duplicated on many "received new hosts". It is not purged between two receptions. I expect I should get each host only onceā¦ Is it due to my configuration file or something else? Is it normal? I have the following variables on an Ubuntu 10.04.2 box: > SECURE_LOG = /var/log/auth.log > HOSTS_DENY = /etc/hosts.deny > PURGE_DENY = 1w > PURGE_THRESHOLD = 2 > BLOCK_SERVICE = sshd > DENY_THRESHOLD_INVALID = 3 > DENY_THRESHOLD_VALID = 5 > DENY_THRESHOLD_ROOT = 1 > DENY_THRESHOLD_RESTRICTED = 1 > WORK_DIR = /var/lib/denyhosts > SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES > HOSTNAME_LOOKUP=YES > LOCK_FILE = /var/run/denyhosts.pid > ADMIN_EMAIL = root@localhost > SMTP_HOST = localhost > SMTP_PORT = 25 > SMTP_FROM = DenyHosts <nobody@localhost> > SMTP_SUBJECT = DenyHosts Report > AGE_RESET_VALID=5d > AGE_RESET_ROOT=25d > AGE_RESET_RESTRICTED=25d > AGE_RESET_INVALID=10d > DAEMON_LOG = /var/log/denyhosts > DAEMON_SLEEP = 30s > DAEMON_PURGE = 1h > SYNC_SERVER = http://xmlrpc.denyhosts.net:9911 > SYNC_INTERVAL = 5m > SYNC_UPLOAD = yes > SYNC_DOWNLOAD = yes > SYNC_DOWNLOAD_THRESHOLD = 3 Regards, Xavier Robin ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Denyhosts-user mailing list Denyhosts-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/denyhosts-user
