I am using denyhosts on my FreeBSD (6.2) box, and everything appears to be working fine, except denyhosts keeps adding the same 4 hosts to my denied file over and over.
eli18.internetdsl.tpnet.pl
mx-int.rundblick.de
vmnepo05.deri.ie
v29051.1blu.de
Has anyone else seen this, or better yet know how to fix it? I googled for this, and didn't find any answers. One person had a similar problem, but no solution.
Edit:
Just to clarify, I currently have denyhosts configured to write all denied hosts to /etc/hosts.deniedssh, and my /etc/hosts.allow uses that file in a rule to deny access to all hosts in that file. Denyhosts, for whatever reason, keeps adding the same four hosts to hosts.deniedssh.
Edit 2: Here are the relevant portions of my denyhosts.conf file
# Mandrake, FreeBSD or OpenBSD:
SECURE_LOG = /var/log/auth.log
# Most operating systems:
HOSTS_DENY = /etc/hosts.deniedssh
#######################################################################
#
# WORK_DIR: the path that DenyHosts will use for writing data to
# (it will be created if it does not already exist).
#
# Note: it is recommended that you use an absolute pathname
# for this value (eg. /home/foo/denyhosts/data)
#
WORK_DIR = /usr/local/share/denyhosts/data
Additionally, the four hosts in question are nowhere to be found in my /var/log/auth.log file (at least not the most current one).
Sounds to me like denyhosts is checking one file for its lists of hosts being denied (/etc/hosts.deny maybe?) but writing out newly denied hosts to /etc/hosts.deniedssh ; since they're not the same, it never 'realizes' that they've already been added so it keeps re-adding them.
How did you get it to write to /etc/hosts.deniedssh?
They're obviously causing problems, so if it's always the same 4 people just permanently block them using your firewall?
Have you tried adding the hosts to /etc/hosts.allow? Also, denyhosts has its own internal cache, and if you edit hosts.deny without stopping denyhosts first, it will simply overwrite your changes after a minute or so. You can add hosts/ips to /var/lib/denyhosts/allowed-hosts to prevent them from ever being added no matter how many logins they fail.
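To measure how often each host has been re-added to the deny file from the question, and to build a de-duplicated copy that can be swapped in while denyhosts is stopped (as the answer above advises), here is an added example that is not part of the original thread. It assumes one entry per line, either a bare host or a tcp_wrappers-style `service: host`, with a single blocked service; the sample content and host names are constructed.

```python
from collections import Counter

# Constructed sample of a deny file; host names are placeholders, not from the thread.
SAMPLE = """\
# DenyHosts: constructed comment line
host-a.example.net
sshd: host-b.example.net
host-a.example.net
HOST-A.example.net
sshd: host-b.example.net
host-c.example.net
"""

def entry_host(line):
    """Return the normalized host of a deny-file line, or None for comments and blanks."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    # Bracketed IPv6 literals contain colons but carry no service prefix.
    if not line.startswith("[") and ":" in line:
        line = line.split(":", 1)[1].strip()
    return line.lower() or None

def repeated_hosts(text):
    """Map each host that appears more than once to its number of occurrences."""
    counts = Counter(h for h in map(entry_host, text.splitlines()) if h)
    return {h: n for h, n in counts.items() if n > 1}

def deduplicate(text):
    """Keep comments, blanks and the first line seen for each host, in original order."""
    seen, kept = set(), []
    for line in text.splitlines():
        host = entry_host(line)
        if host is None or host not in seen:
            kept.append(line)
        if host is not None:
            seen.add(host)
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for host, n in sorted(repeated_hosts(SAMPLE).items()):
        print(f"{host}: listed {n} times")
```

To check a real file, pass its contents to `repeated_hosts()`; hosts that keep reappearing after a cleanup point to denyhosts rewriting the file from its own state rather than from new log entries.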