search for: denyhost

Hello, I've installed denyhosts on centos 5.3 trying to block automated attacks on ssh. It appears to be working in that entries are being added to /etc/hosts.deny yet the daily emails sent from denyhosts show only one ip being added perday when the total is many more than that. My config is below, i've gone over it and am n...

...few >weeks and I have no idea how to fix it. > >I've set a cron job to run 3 times an hour (as root) and logcheck's >picking up on this (but no others). The output in the email is this:- > >Jan 8 20:21:01 homer /USR/SBIN/CRON[8637]: (root) CMD (/usr/bin/python >/root/denyhosts/denyhosts.py -c /root/denyhosts/denyhosts.cfg) >Jan 8 20:41:01 homer /USR/SBIN/CRON[2949]: (root) CMD (/usr/bin/python >/root/denyhosts/denyhosts.py -c /root/denyhosts/denyhosts.cfg) >Jan 8 21:01:01 homer /USR/SBIN/CRON[12711]: (root) CMD (/usr/bin/python >/root/denyhosts/denyhosts.p...

Hello: I have been looking into projects that will automatically restrict hacking attempts on my servers running CentOS 5. I think the two top contenders are: DenyHosts - http://denyhosts.sourceforge.net Fail2ban - http://www.fail2ban.org >From what I see, DenyHosts only blocks based on failed SSH attempts whereas Fail2ban blocks failed attempts for other access as well. The main benefit I see from DenyHosts is their synchronization service where my servers...

...e/doc, which is an odd place to stash an executable, -logic perhaps being you just symlink however you want. Now having a time to spare, I appeal to you with paypal beer $. I'd like to of course script this specifically for centos. I have firewall rules and other protections, but it's (denyhosts) too cool to pass up. reminds me a bit of portsentry, or whatever they call it now, tri-sentry, maybe it's quad-sentry now or... I can also trade you some mega-spiffy ultra-detailed centos build scripts for tomcat servers, squid machines, etc. -krb

Everyone, It is apparent that the epel version of denyhosts on Centos 7 which is denyhosts-2.9-4.el7.noarch does not resynch with : SYNC_SERVER = http://xmlrpc.denyhosts.net:9911 According to : https://www.centos.org/forums/viewtopic.php?f=51&t=56989 the problem is related to a version update problem in the epel repositories. I submitted a bugzill...

I'd like to see a feature of the commercial ssh in openssh: AllowHosts xxx.yyy.xxx.yyy *.domain.net DenyHosts xxx.yyy.xxx.* name.domain.net This allows or denies connects from certain machines (including wildcard matching). Is there any chance for this feature to be included? No, we don't want to use tcp-wrapper for this. Bye. +----------------------------------------------------------------------...

Hi, My denyhosts stop working. How do i check why isnt it working anymore for me? Thanks Oct 2 22:59:17 beyond sshd[15690]: Failed password for root from 221.7.37.142 port 49836 ssh2 Oct 2 22:59:17 beyond sshd[15692]: Received disconnect from 221.7.37.142: 11: Bye Bye Oct 2 22:59:18 beyond sshd[15701]: pam...

Hi, here's another feature request that I just found and where I would like to hear your comments first: > The above commands are valid ssh-nonfree, but openssh doesn't like them. The > first two are important for security conscious sites. Ciao Christian -- Debian Developer and Quality Assurance Team Member 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6

I'm looking for a way to deny access to dovecot from certain IP addresses, basically to help prevent brute force attacks on the server. Right now I'm using denyhosts which scans /var/log/secure for authentication failures which then can add an entry to /etc/hosts.deny, but since dovecot doesn't have tcp wrappers support, that doesn't do anything. It doesn't look like I can run dovecot run xinetd. Any other ideas to help protect dovecot from brute...

Hello, What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I like the idea of locking an account for a time if too many attempts are made, but to balance this with keeping the user from making a helpdesk call. What are some policies/techniques that have worked for this list with minimal hassle? Thanks! -Eugene

Hi all, ?Is there any app like denyhosts[1] but intended for MySQLd service? We have a mysql ports (3306) opened for remote connections, and obviously the /var/db/mysql/machine_name.log is full of these kind of entries: ........... 936012 Connect Access denied for user 'user'@'85.19.95.10' (using password: YES) 9...

Hi, I am kind of restricted to using packaged versions of software due to company policy, and we have f12 on our mail server with dovecot-1.2.15-2.fc12.i686 package. we have recently had some brute force attacks on the pop3 and imapd and this results in many processes being used for login attempts. Our dovecot is hosted on a Virtual Private Server which restricts access to IPTABLEs and also

Hi, i have one centos 4.3 box, exposed to the internet. since several weeks ago, i found numerous attemps to connect through SSH, but failed. they tried with many username, including root. it's comes from different IP. some of them are foreign website. How do i make my centos become smarter in handling this kind of attacks. eventhough i've disable all the user accounts, left only the

...inst vsftpd, on systems that I can't easily control vs. putting strict limits on ssh. We simply have too many users entering from too many networks many with dynamic IP addresses. Enter.... thinking about LIDS or Log Based Intrusion Detection. I've run across four systems. Blockhosts, DenyHosts, fail2ban and OSSEC. DenyHosts apparently only works with ssh, so I've discounted using that. Is anyone using one of these or something else that I've missed. At present, I'm leaning towards OSSEC for several reasons. First it seems very robust. Second, you can set up a server/clie...

I have in the sshd_config the following to disable password authentication Match Group dummies PasswordAuthentication no KbdInteractive no Normally I use denyhosts to detect incorrect logins, but it seems that failed sshkey logins are not logged in auth.log And I really like to have them in order to detect them and use the denyhosts script. Looked in the last nightly builds, but it seems that only method ' password' is being logged. So I added one l...

...his (which works fine). node standard { $epel_includepkgs += ''puppet augeas-libs facter ruby-augeas ruby-shadow '' class { ''repo_epel'': stage => ''pre'' } #other stuff } node ''my.node1'' inherits standard { include denyhosts } node ''my.node2'' inherits standard { include denyhosts include gitlabhq } class repo_epel { yumrepo { ''epel'': enabled => 1, descr => ''Extra Packages for Enterprise Linux 6 - \$basearch'', mirro...

Hi, to prevent scripted dictionary attacks to sshd I applied those iptables rules: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource And this is part of logwatch: sshd: Authentication Failures: unknown

Hi, I just set up a web server... and my bandwidth is being eaten by some chinese folks trying to brute-force-ssh their way into the machine. Is there a simple way to banish either single IP addresses or, maybe even better, whole IP classes ? I know it's feasible with iptables, but is there something more easily configurable ? Cheers, Niki

...t on up2date''s list... I intend to use Snort, though I hope that it won''t share portsentry''s fate and become extinct after Check Point''s acquisition of Sourcefire will be completed. No FUD intended on this, optimistic views are always highly welcomed :) Luckily denyhosts has no plans of selling itself to anyone so that''s one project I can safely use :) So, Open Source portscaner for CentOS... anyone... ? :) Thank you for your time and help, With respect, Alex

Does anyone have a script that will notice a Rumplestiltskin type spam attack (where they try every name possible) and drop the sending into a block list? -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and