[TriLUG] hosts.deny problem FIXED!!!!!

Wed, 08 Mar 2006 20:41:30 -0800

I think I found the problem!! Whhohhooo!!!! The report said the top one in the list was refused but not the rest. the top one is ALL CAPS! I missed that!! I think that will fix the problem!!! 


WA Brown




# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!



    # protocol: IP address or wildcard
       #  smtp: 216.27.9.180
       #  sshd: 70.85.111.114
       #  ALL: .trilug.org

           ALL: 61.134.32.*
           All: 211.171.*.*
           All: 61.220.*.*
           All: 212.71.*.*
           All: 213.179.*.*
           All: 81.25.*.*
           All: 216.180.225.162
           All: 219.107.*.*
           All: 68.3.31.253
           All: 66.228.*.*
           All: 24.162.142.170
           All: 217.174.*.*
           All: 66.70.*.*
           All: 125.248.*.*
           All: 210.241.*.*
           All: 159.169.*.*
           All: 216.228.*.*
           All: 23.13.158.72
           All: 125.*.*.*
           All: 66.235.*.*
           All: 61.31.*.*
           All: 217.37.72.233





My Report

--------------------- pam_unix Begin ------------------------ 


sshd:
 Authentication Failures:
    root (c66-235-35-101.sea2.cablespeed.com): 524 Time(s)
    root (125.244.53.194): 15 Time(s)
    root (host217-37-72-233.in-addr.btopenworld.com): 3 Time(s)
    fax (www.idlsystems.idlsystems.com): 1 Time(s)
    root (kato.ps): 1 Time(s)

su:
 Sessions Opened:
    (uid=0) -> news: 2 Time(s)
    wab(uid=500) -> root: 1 Time(s)

vsftpd:
 Unknown Entries:

    authentication failure; logname= uid=0 euid=0 tty= ruser= 
rhost=219.81.19.30 : 2253 Time(s)

    check pass; user unknown: 2253 Time(s)



---------------------- pam_unix End ------------------------- 




--------------------- sendmail Begin ------------------------ 




Bytes Transferred: 38456
Messages Sent:     4
Total recipients:  4
**Unmatched Entries**
 /etc/hosts.deny, line 13: missing ":" separator: 2 Time(s)

 SYSERR(root): hash map "Alias0": unsafe map file /etc/aliases.db: 
Permission denied: 1 Time(s)
 SYSERR(root): Cannot create database for alias file /etc/aliases: 1 
Time(s)



---------------------- sendmail End ------------------------- 




--------------------- SSHD Begin ------------------------ 



SSHD Started: 1 Time(s)

Failed logins from these:
 fax/password from 66.70.212.220: 2 Time(s)
 root/password from 125.244.53.194: 15 Time(s)
 root/password from 217.37.72.233: 3 Time(s)
 root/password from 61.31.201.116: 1 Time(s)
 root/password from 66.235.35.101: 524 Time(s)

Illegal users from these:
 admin/none from 66.70.212.220: 3 Time(s)
 admin/none from unknown: 3 Time(s)
 andy/none from 66.70.212.220: 1 Time(s)
 andy/none from unknown: 1 Time(s)
 bob/none from 66.70.212.220: 1 Time(s)
 bob/none from unknown: 1 Time(s)
 cisco/none from 66.70.212.220: 1 Time(s)
 cisco/none from unknown: 1 Time(s)
 contact/none from 66.70.212.220: 1 Time(s)
 contact/none from unknown: 1 Time(s)
 cvsroot/none from 66.70.212.220: 1 Time(s)
 cvsroot/none from unknown: 1 Time(s)
 dell/none from 66.70.212.220: 1 Time(s)
 dell/none from unknown: 1 Time(s)
 gnats/none from 66.70.212.220: 1 Time(s)
 gnats/none from unknown: 1 Time(s)
 hosting/none from 66.70.212.220: 1 Time(s)
 hosting/none from unknown: 1 Time(s)
 httpd/none from 66.70.212.220: 1 Time(s)
 httpd/none from unknown: 1 Time(s)
 jabber/none from 66.70.212.220: 1 Time(s)
 jabber/none from unknown: 1 Time(s)
 jason/none from 66.70.212.220: 1 Time(s)
 jason/none from unknown: 1 Time(s)
 joel/none from 66.70.212.220: 1 Time(s)
 joel/none from unknown: 1 Time(s)
 joseph/none from 66.70.212.220: 1 Time(s)
 joseph/none from unknown: 1 Time(s)
 justin/none from 66.70.212.220: 1 Time(s)
 justin/none from unknown: 1 Time(s)
 ken/none from 66.70.212.220: 1 Time(s)
 ken/none from unknown: 1 Time(s)
 kim/none from 66.70.212.220: 1 Time(s)
 kim/none from unknown: 1 Time(s)
 list/none from 66.70.212.220: 1 Time(s)
 list/none from unknown: 1 Time(s)
 marco/none from 66.70.212.220: 1 Time(s)
 marco/none from unknown: 1 Time(s)
 movies/none from 66.70.212.220: 2 Time(s)
 movies/none from unknown: 2 Time(s)
 music/none from 66.70.212.220: 1 Time(s)
 music/none from unknown: 1 Time(s)
 newsletter/none from 66.70.212.220: 1 Time(s)
 newsletter/none from unknown: 1 Time(s)
 nicole/none from 66.70.212.220: 1 Time(s)
 nicole/none from unknown: 1 Time(s)
 oracle/none from 66.70.212.220: 1 Time(s)
 oracle/none from unknown: 1 Time(s)
 peter/none from 66.70.212.220: 1 Time(s)
 peter/none from unknown: 1 Time(s)
 pgsql/none from 66.70.212.220: 1 Time(s)
 pgsql/none from unknown: 1 Time(s)
 pictures/none from 66.70.212.220: 2 Time(s)
 pictures/none from unknown: 2 Time(s)
 portal/none from 66.70.212.220: 1 Time(s)
 portal/none from unknown: 1 Time(s)
 ricardo/none from 66.70.212.220: 1 Time(s)
 ricardo/none from unknown: 1 Time(s)
 sales/none from 66.70.212.220: 1 Time(s)
 sales/none from unknown: 1 Time(s)
 sites/none from 66.70.212.220: 1 Time(s)
 sites/none from unknown: 1 Time(s)
 soft/none from 66.70.212.220: 1 Time(s)
 soft/none from unknown: 1 Time(s)
 software/none from 66.70.212.220: 1 Time(s)
 software/none from unknown: 1 Time(s)
 sourceforge/none from 66.70.212.220: 1 Time(s)
 sourceforge/none from unknown: 1 Time(s)
 spam/none from 66.70.212.220: 3 Time(s)
 spam/none from unknown: 3 Time(s)
 stats/none from 66.70.212.220: 1 Time(s)
 stats/none from unknown: 1 Time(s)
 steve/none from 66.70.212.220: 1 Time(s)
 steve/none from unknown: 1 Time(s)
 store/none from 66.70.212.220: 1 Time(s)
 store/none from unknown: 1 Time(s)
 support/none from 66.70.212.220: 1 Time(s)
 support/none from unknown: 1 Time(s)
 tech/none from 66.70.212.220: 2 Time(s)
 tech/none from unknown: 2 Time(s)
 test/none from 66.70.212.220: 4 Time(s)
 test/none from unknown: 4 Time(s)
 test1/none from 66.70.212.220: 4 Time(s)
 test1/none from unknown: 4 Time(s)
 test1234/none from 66.70.212.220: 1 Time(s)
 test1234/none from unknown: 1 Time(s)
 tester/none from 66.70.212.220: 1 Time(s)
 tester/none from unknown: 1 Time(s)
 testing/none from 66.70.212.220: 3 Time(s)
 testing/none from unknown: 3 Time(s)
 testuser/none from 66.70.212.220: 1 Time(s)
 testuser/none from unknown: 1 Time(s)
 tv/none from 66.70.212.220: 2 Time(s)
 tv/none from unknown: 2 Time(s)
 upload/none from 66.70.212.220: 2 Time(s)
 upload/none from unknown: 2 Time(s)
 uploader/none from 66.70.212.220: 6 Time(s)
 uploader/none from unknown: 6 Time(s)
 uploader1/none from 66.70.212.220: 1 Time(s)
 uploader1/none from unknown: 1 Time(s)
 user2/none from 66.70.212.220: 1 Time(s)
 user2/none from unknown: 1 Time(s)
 webadmin/none from 66.70.212.220: 1 Time(s)
 webadmin/none from unknown: 1 Time(s)
 websites/none from 66.70.212.220: 2 Time(s)
 websites/none from unknown: 2 Time(s)

Users logging in through sshd:
 wab:
    216.218.108.208: 2 times

Refused incoming connections:
    61.134.32.18 (61.134.32.18): 1 Time(s)

**Unmatched Entries**
warning: /etc/hosts.deny, line 13: missing ":" separator
warning: /etc/hosts.deny, line 13: missing ":" separator


---------------------- SSHD End ------------------------- 



--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/




--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/






















					Reply via email to