Displaying 20 results from an estimated 73 matches for "denyhosts".

2009 Aug 26
1
denyhosts configuration
Hello, I've installed denyhosts on centos 5.3 trying to block automated attacks on ssh. It appears to be working in that entries are being added to /etc/hosts.deny yet the daily emails sent from denyhosts show only one ip being added per day when the total is many more than that. My config is below, I've gone over it and am no...
2006 Jan 09
0
Re: Logcheck-users Digest, Vol 5, Issue 1
...few >weeks and I have no idea how to fix it. > >I've set a cron job to run 3 times an hour (as root) and logcheck's >picking up on this (but no others). The output in the email is this:- > >Jan 8 20:21:01 homer /USR/SBIN/CRON[8637]: (root) CMD (/usr/bin/python >/root/denyhosts/denyhosts.py -c /root/denyhosts/denyhosts.cfg) >Jan 8 20:41:01 homer /USR/SBIN/CRON[2949]: (root) CMD (/usr/bin/python >/root/denyhosts/denyhosts.py -c /root/denyhosts/denyhosts.cfg) >Jan 8 21:01:01 homer /USR/SBIN/CRON[12711]: (root) CMD (/usr/bin/python >/root/denyhosts/denyhosts.py...
2009 Jul 09
3
Looking for recommendations for blocking hacking attempts
Hello: I have been looking into projects that will automatically restrict hacking attempts on my servers running CentOS 5. I think the two top contenders are: DenyHosts - http://denyhosts.sourceforge.net Fail2ban - http://www.fail2ban.org From what I see, DenyHosts only blocks based on failed SSH attempts whereas Fail2ban blocks failed attempts for other access as well. The main benefit I see from DenyHosts is their synchronization service where my servers...
2007 Mar 13
4
Centos-specific Denyhosts Howto Anyone?
...e/doc, which is an odd place to stash an executable, -logic perhaps being you just symlink however you want. Now having a time to spare, I appeal to you with paypal beer $. I'd like to of course script this specifically for centos. I have firewall rules and other protections, but it's (denyhosts) too cool to pass up. reminds me a bit of portsentry, or whatever they call it now, tri-sentry, maybe it's quad-sentry now or... I can also trade you some mega-spiffy ultra-detailed centos build scripts for tomcat servers, squid machines, etc. -krb
2017 Oct 15
0
denyhosts-2.9-4.el7 not resync'ing
Everyone, It is apparent that the epel version of denyhosts on Centos 7 which is denyhosts-2.9-4.el7.noarch does not resynch with : SYNC_SERVER = http://xmlrpc.denyhosts.net:9911 According to : https://www.centos.org/forums/viewtopic.php?f=51&t=56989 the problem is related to a version update problem in the epel repositories. I submitted a bugzilla...
2001 Feb 27
4
AllowHosts / DenyHosts
I'd like to see a feature of the commercial ssh in openssh: AllowHosts xxx.yyy.xxx.yyy *.domain.net DenyHosts xxx.yyy.xxx.* name.domain.net This allows or denies connects from certain machines (including wildcard matching). Is there any chance for this feature to be included? No, we don't want to use tcp-wrapper for this. Bye. +-----------------------------------------------------------------------...
2007 Oct 02
1
denyhosts
Hi, My denyhosts stopped working. How do I check why it isn't working anymore for me? Thanks Oct 2 22:59:17 beyond sshd[15690]: Failed password for root from 221.7.37.142 port 49836 ssh2 Oct 2 22:59:17 beyond sshd[15692]: Received disconnect from 221.7.37.142: 11: Bye Bye Oct 2 22:59:18 beyond sshd[15701]: pam_...
2000 Dec 28
1
COMPATIBILITY: AllowHosts/DenyHosts/SilentDeny not supported
Hi, here's another feature request that I just found and where I would like to hear your comments first: > The above commands are valid ssh-nonfree, but openssh doesn't like them. The > first two are important for security conscious sites. Ciao Christian -- Debian Developer and Quality Assurance Team Member 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6
2006 Aug 30
3
No tcp wrappers, other ideas to help stop brute force attacks?
I'm looking for a way to deny access to dovecot from certain IP addresses, basically to help prevent brute force attacks on the server. Right now I'm using denyhosts which scans /var/log/secure for authentication failures which then can add an entry to /etc/hosts.deny, but since dovecot doesn't have tcp wrappers support, that doesn't do anything. It doesn't look like I can run dovecot run xinetd. Any other ideas to help protect dovecot from brute...
2009 Aug 20
5
protecting multiuser systems from bruteforce ssh attacks
Hello, What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I like the idea of locking an account for a time if too many attempts are made, but to balance this with keeping the user from making a helpdesk call. What are some policies/techniques that have worked for this list with minimal hassle? Thanks! -Eugene
2008 Jan 21
5
denyhosts-like app for MySQLd?
Hi all, Is there any app like denyhosts[1] but intended for MySQLd service? We have a mysql ports (3306) opened for remote connections, and obviously the /var/db/mysql/machine_name.log is full of these kind of entries: ........... 936012 Connect Access denied for user 'user'@'85.19.95.10' (using password: YES) 93...
2010 Nov 10
2
need to block user by IP address (tried denyhosts, xinetd, iptables etc)
Hi, I am kind of restricted to using packaged versions of software due to company policy, and we have f12 on our mail server with dovecot-1.2.15-2.fc12.i686 package. We have recently had some brute force attacks on the pop3 and imapd and this results in many processes being used for login attempts. Our dovecot is hosted on a Virtual Private Server which restricts access to IPTABLEs and also
2007 Feb 15
8
Defending against simultaneous attacks
Hi, I have one centos 4.3 box, exposed to the internet. Since several weeks ago, I found numerous attempts to connect through SSH, but failed. They tried with many usernames, including root. It comes from different IPs. Some of them are foreign websites. How do I make my centos become smarter in handling this kind of attack? Even though I've disabled all the user accounts, left only the
2007 Sep 26
4
Intrusion Detection Systems
...inst vsftpd, on systems that I can't easily control vs. putting strict limits on ssh. We simply have too many users entering from too many networks many with dynamic IP addresses. Enter.... thinking about LIDS or Log Based Intrusion Detection. I've run across four systems. Blockhosts, DenyHosts, fail2ban and OSSEC. DenyHosts apparently only works with ssh, so I've discounted using that. Is anyone using one of these or something else that I've missed. At present, I'm leaning towards OSSEC for several reasons. First it seems very robust. Second, you can set up a server/clien...
2010 Apr 19
1
no logging in auth.log when using wrong ssh keys
I have in the sshd_config the following to disable password authentication Match Group dummies PasswordAuthentication no KbdInteractive no Normally I use denyhosts to detect incorrect logins, but it seems that failed sshkey logins are not logged in auth.log And I really like to have them in order to detect them and use the denyhosts script. Looked in the last nightly builds, but it seems that only method ' password' is being logged. So I added one li...
2012 Jul 05
7
proper usage of global variables / node variables / +=
...his (which works fine). node standard { $epel_includepkgs += 'puppet augeas-libs facter ruby-augeas ruby-shadow ' class { 'repo_epel': stage => 'pre' } #other stuff } node 'my.node1' inherits standard { include denyhosts } node 'my.node2' inherits standard { include denyhosts include gitlabhq } class repo_epel { yumrepo { 'epel': enabled => 1, descr => 'Extra Packages for Enterprise Linux 6 - \$basearch', mirror...
2011 Apr 04
6
sshd: Authentication Failures: 137 Time(s)
Hi, to prevent scripted dictionary attacks to sshd I applied those iptables rules: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource And this is part of logwatch: sshd: Authentication Failures: unknown
2009 Oct 09
5
Simple way to banish IP addresses ?
Hi, I just set up a web server... and my bandwidth is being eaten by some chinese folks trying to brute-force-ssh their way into the machine. Is there a simple way to banish either single IP addresses or, maybe even better, whole IP classes ? I know it's feasible with iptables, but is there something more easily configurable ? Cheers, Niki
2006 Mar 20
6
[OT maybe] netcafe firewall
...t on up2date's list... I intend to use Snort, though I hope that it won't share portsentry's fate and become extinct after Check Point's acquisition of Sourcefire will be completed. No FUD intended on this, optimistic views are always highly welcomed :) Luckily denyhosts has no plans of selling itself to anyone so that's one project I can safely use :) So, Open Source portscaner for CentOS... anyone... ? :) Thank you for your time and help, With respect, Alex
2006 Mar 26
9
Script to kill dictionary spam attacks
Does anyone have a script that will notice a Rumplestiltskin type spam attack (where they try every name possible) and drop the sending into a block list? -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and