From: Jean-Marc S. <jea...@sp...> - 2015-07-15 23:42:28
Nice initiative. Thanks for doing that.

Is there anything in place to avoid bad behaviors like people reporting random IPs etc.?

Like, how trustful will this list be?

On 2015-07-15 18:17, "Jesse Smith" <jes...@ya...> wrote:
> The test server Jan-Pascal mentioned is now up and running. We're hoping
> to see how well it holds up with a small group of users, so if you're
> interested, please edit your DenyHosts configuration files and set the
> SYNC_SERVER to http://deny.resonatingmedia.com:9911
>
> Assuming the trial goes well, we will leave the sync server running and
> announce it more publicly.
>
> A big "Thank You!" to Jan-Pascal for writing the server-side code and
> putting so much work into helping us test it and improve both client
> side and server side.
>
> Jesse

From: Jesse S. <jes...@ya...> - 2015-07-15 22:55:46
Short answer: Jan-Pascal is a better person to answer this question, but he has put anti-malicious behaviour checks in place.

Somewhat longer answer: DenyHosts will allow you to set a check which basically says "Only block this host if N number of people have said we should." The variable in the DenyHosts configuration file is called "SYNC_DOWNLOAD_THRESHOLD". In other words, if one malicious person spams random IP addresses into our database, that should not be a problem so long as SYNC_DOWNLOAD_THRESHOLD is set to higher than 1.

I would recommend setting SYNC_DOWNLOAD_THRESHOLD to 3 or higher as it will protect you from multiple malicious people trying to poison our database.

Jesse

On 15/07/15 07:46 PM, Jean-Marc Spaggiari wrote:
> Nice initiative. Thanks for doing that.
>
> Is there anything in place to avoid bad behaviors like people reporting
> random IPs etc.?
>
> Like, how trustful will this list be?

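The threshold check Jesse describes above, as an added example that is not part of the thread and is not code from DenyHosts or denyhosts_sync: a toy model in which the server counts distinct reporters per address (an assumption) and a client downloads only addresses at or above its SYNC_DOWNLOAD_THRESHOLD. Reporter names and addresses are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address


class ToySyncServer:
    """Toy aggregator. Assumed rule: count distinct reporters per address."""

    def __init__(self):
        self._reporters = defaultdict(set)  # ip string -> set of reporter ids

    def report(self, reporter_id, hosts):
        for host in hosts:
            ip = str(ip_address(host))  # raises ValueError on malformed input
            self._reporters[ip].add(reporter_id)

    def download(self, threshold):
        """Addresses reported by at least `threshold` distinct reporters."""
        if threshold < 1:
            raise ValueError("threshold must be >= 1")
        hits = [ip for ip, who in self._reporters.items() if len(who) >= threshold]
        return sorted(hits, key=ip_address)


def constructed_server():
    """Constructed reports: three honest clients and two that poison the list."""
    srv = ToySyncServer()
    # An address that three independent clients have each seen attacking them.
    for client in ("client-a", "client-b", "client-c"):
        srv.report(client, ["198.51.100.7"])
    # An address seen by only two honest clients so far.
    for client in ("client-a", "client-b"):
        srv.report(client, ["198.51.100.9"])
    # One reporter submitting unrelated addresses, repeated ten times.
    junk = ["203.0.113.%d" % n for n in range(1, 6)]
    for _ in range(10):
        srv.report("poisoner-1", junk)
    # Two reporters agreeing on the same unrelated address.
    for client in ("poisoner-1", "poisoner-2"):
        srv.report(client, ["203.0.113.50"])
    return srv


def blocklist_for(threshold):
    """What a client with this SYNC_DOWNLOAD_THRESHOLD would receive."""
    return constructed_server().download(threshold)


if __name__ == "__main__":
    for t in (1, 2, 3):
        print("SYNC_DOWNLOAD_THRESHOLD = %d -> %s" % (t, blocklist_for(t)))
```

At a threshold of 3 only the address confirmed by three clients survives, which also drops the address that two honest clients reported: a higher threshold trades coverage for resistance to poisoning.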
From: Jesse S. <jes...@ya...> - 2015-07-15 22:17:25
The test server Jan-Pascal mentioned is now up and running. We're hoping to see how well it holds up with a small group of users, so if you're interested, please edit your DenyHosts configuration files and set the SYNC_SERVER to http://deny.resonatingmedia.com:9911

Assuming the trial goes well, we will leave the sync server running and announce it more publicly.

A big "Thank You!" to Jan-Pascal for writing the server-side code and putting so much work into helping us test it and improve both client side and server side.

Jesse

On 15/07/15 06:47 PM, Robert T Wyatt wrote:
> THANK YOU!
>
> --Robert Wyatt
> Austin, TX

From: Robert T W. <chu...@gm...> - 2015-07-15 21:47:57
THANK YOU!

--Robert Wyatt
Austin, TX

Jan-Pascal van Best wrote:
> Hi all,
>
> For several years now users of DenyHosts have been asking for an open
> source synchronization server, a central hub that would allow DenyHosts
> to coordinate and share malicious IP addresses. This has gotten more
> urgent due to a number of serious flaws in the current synchronization
> server[1] and the lack of response from the original DenyHosts developer.
>
> I've created, in full cooperation with the current DenyHosts
> developers[2], an open source (AGPLv3) synchronization server [3]. The
> server has been working well in our initial tests and since it has just
> reached release 1.0 we will shortly invite a wider group of people to
> use the new server. Initially there will be fewer reports from the new
> sync server than you now receive from the legacy server, but we are
> convinced that the quality of the synchronization algorithm is higher
> and that, once enough people connect to the new server, it will better
> serve the denyhosts community. Once created, the address of the new sync
> server will be announced at http://denyhost.sourceforge.net/news.php.
>
> I'd be happy to answer any questions you may have regarding the new sync
> server and the circumstances that led to its development.
>
> Kind regards
>
> Jan-Pascal
>
> [1] http://sourceforge.net/p/denyhosts/bugs/53/
> [2] https://github.com/denyhosts/denyhosts/issues/35
> [3] https://github.com/janpascal/denyhosts_sync

From: Jan-Pascal v. B. <jan...@va...> - 2015-07-15 21:33:18
Hi all,

For several years now users of DenyHosts have been asking for an open source synchronization server, a central hub that would allow DenyHosts to coordinate and share malicious IP addresses. This has gotten more urgent due to a number of serious flaws in the current synchronization server[1] and the lack of response from the original DenyHosts developer.

I've created, in full cooperation with the current DenyHosts developers[2], an open source (AGPLv3) synchronization server [3]. The server has been working well in our initial tests and since it has just reached release 1.0 we will shortly invite a wider group of people to use the new server. Initially there will be fewer reports from the new sync server than you now receive from the legacy server, but we are convinced that the quality of the synchronization algorithm is higher and that, once enough people connect to the new server, it will better serve the denyhosts community. Once created, the address of the new sync server will be announced at http://denyhost.sourceforge.net/news.php.

I'd be happy to answer any questions you may have regarding the new sync server and the circumstances that led to its development.

Kind regards

Jan-Pascal

[1] http://sourceforge.net/p/denyhosts/bugs/53/
[2] https://github.com/denyhosts/denyhosts/issues/35
[3] https://github.com/janpascal/denyhosts_sync

From: Shiela S. <shi...@gm...> - 2015-04-30 20:44:13
You were correct about the old package. I updated to denyhosts-2.6-20.el6.noarch and it's working beautifully. Many thanks!! I'm so happy to see the attempts get shot down.

On Fri, Apr 24, 2015 at 1:34 PM, Jason L Tibbitts III <ti...@ma...> wrote:
> >>>>> "SS" == Shiela Spaleta <shi...@gm...> writes:
>
> SS> It's denyhosts 2.6 (pkg denyhosts-2.6-19.el6.1.noarch) on Centos 6.6
>
> You replied to me only.
>
> That version is pretty old. 2.10 is current. I'm actually the Fedora
> maintainer of Denyhosts, and I did go ahead and build a newer version
> for EL7 as well because the package works fine there, but centos 6 is
> really old so and the newer package won't build. I did, I think, push
> some security fixes to the old EL branches as well just so those folks
> wouldn't be screwed, but really, the EPEL maintainer needs to decide if
> he wants to bring those old releases forward or not, or someone else
> needs to step up to maintain those packages in EPEL.
>
> As for your particular issue, I know there were some fixes in a more
> recent version relating to blocking additional failed logins:
>
> https://github.com/denyhosts/denyhosts/issues/27
> https://github.com/denyhosts/denyhosts/issues/15
>
> Not sure if either of those apply to your situation, though. All I can
> suggest, besides manually updating to a new version, is to compare the
> log entries which you believe should trigger blocking against the set of
> patterns that Denyhosts uses, and modify those patterns as necessary.
>
> - J<

From: Jonathon D. <jh...@fs...> - 2015-04-29 14:21:35
I have recently installed denyhosts on Fedora 20, and am unable to sync. I have turned on debugging, but am not getting a hint of what might be wrong.

2015-04-29 08:41:01,848 - denyhosts : DEBUG sync upload
2015-04-29 08:41:01,848 - sync : DEBUG send_new_hosts()
2015-04-29 08:41:01,850 - sync : ERROR 'SYNC_PROXY_SERVER'
2015-04-29 08:41:01,850 - sync : ERROR Could not initiate xmlrpc connection
2015-04-29 08:41:01,850 - sync : INFO sent 3 new hosts
2015-04-29 08:41:01,850 - denyhosts : DEBUG sync download
2015-04-29 08:41:01,850 - sync : DEBUG receive_new_hosts()
2015-04-29 08:41:01,850 - sync : ERROR 'SYNC_PROXY_SERVER'
2015-04-29 08:41:01,850 - sync : ERROR Could not initiate xmlrpc connection

I temporarily disabled SELinux, and saw no difference. Is syncing still operational?

From: Shiela S. <shi...@gm...> - 2015-04-24 14:22:53
It's denyhosts 2.6 (pkg denyhosts-2.6-19.el6.1.noarch) on Centos 6.6

On Thu, Apr 23, 2015 at 6:16 PM, Jason L Tibbitts III <ti...@ma...> wrote:
> >>>>> "SS" == Shiela Spaleta <shi...@gm...> writes:
>
> SS> I see continuous attempts to bruteforce my server, but denyhosts
> SS> only blocks a few hosts each day, and I can't understand why.
>
> Might help to mention which version you're running....
>
> - J<

From: Jason L T. I. <ti...@ma...> - 2015-04-23 22:43:58
>>>>> "SS" == Shiela Spaleta <shi...@gm...> writes:

SS> I see continuous attempts to bruteforce my server, but denyhosts
SS> only blocks a few hosts each day, and I can't understand why.

Might help to mention which version you're running....

- J<

From: Shiela S. <shi...@gm...> - 2015-04-23 20:47:48
I see continuous attempts to bruteforce my server, but denyhosts only blocks a few hosts each day, and I can't understand why.

Here is a snip from /var/log/secure showing one attempt. This was immediately followed by 12 more attempts within one minute, identical except for the port number. Even though DENY_THRESHOLD_ROOT = 1, still this host was never added to hosts.deny

Apr 22 14:50:59 ===== sshd[28283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.21.198 user=root
Apr 22 14:51:01 ===== sshd[28283]: Failed password for root from 222.186.21.198 port 43316 ssh2
Apr 22 14:51:02 ===== unix_chkpwd[28291]: password check failed for user (root)
Apr 22 14:51:04 ===== sshd[28283]: Failed password for root from 222.186.21.198 port 43316 ssh2
Apr 22 14:51:04 ===== unix_chkpwd[28293]: password check failed for user (root)
Apr 22 14:51:06 ===== sshd[28283]: Failed password for root from 222.186.21.198 port 43316 ssh2
Apr 22 14:51:06 ===== sshd[28284]: Received disconnect from 222.186.21.198: 11:

/var/log/denyhost (set to debug) for the same time period shows that, although the log is being checked, it doesn't block the host.

2015-04-22 14:50:59,175 - denyhosts : DEBUG new hosts: []
2015-04-22 14:50:59,176 - denyhosts : DEBUG no new denied hosts
2015-04-22 14:50:59,176 - denyhosts : DEBUG no new suspicious logins
2015-04-22 14:51:29,214 - denyhosts : DEBUG /var/log/secure has additional data
2015-04-22 14:51:29,393 - denyhosts : DEBUG new hosts: []
2015-04-22 14:51:29,393 - denyhosts : DEBUG no new denied hosts
2015-04-22 14:51:29,393 - denyhosts : DEBUG no new suspicious logins
2015-04-22 14:51:59,429 - denyfileutil: DEBUG relative cutoff: 31449600 (seconds)
2015-04-22 14:51:59,430 - denyfileutil: DEBUG absolute cutoff: 1398279119 (epoch)
2015-04-22 14:51:59,430 - denyfileutil: INFO purging entries older than: Wed Apr 23 14:51:59 2014
2015-04-22 14:51:59,463 - denyfileutil: INFO num entries purged: 0
2015-04-22 14:51:59,463 - denyhosts : DEBUG /var/log/secure has additional data
2015-04-22 14:51:59,628 - denyhosts : DEBUG new hosts: []
2015-04-22 14:51:59,628 - denyhosts : DEBUG no new denied hosts
2015-04-22 14:51:59,628 - denyhosts : DEBUG no new suspicious logins
2015-04-22 14:52:29,660 - denyhosts : DEBUG /var/log/secure has additional data
2015-04-22 14:52:29,839 - denyhosts : DEBUG new hosts: []
2015-04-22 14:52:29,839 - denyhosts : DEBUG no new denied hosts
2015-04-22 14:52:29,839 - denyhosts : DEBUG no new suspicious logins

Config settings are default, except as noted:

/etc/denyhosts.conf
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY = 52w # changed from default
BLOCK_SERVICE = sshd
DENY_THRESHOLD_INVALID = 3 # changed from default
DENY_THRESHOLD_VALID = 5 # changed from default
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /var/lib/denyhosts
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/lock/subsys/denyhosts
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <nobody@localhost>
SMTP_SUBJECT = DenyHosts Report from ===== $[HOSTNAME]
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h

Denyhosts is working at least sometimes because it does block a few hosts each day. And I do see “refused connect from” messages for other IPs in /var/log/secure. I can't understand why it doesn't block attempts as aggressive as these.

Any good ideas appreciated. Thanks….

From: francis p. <fpi...@gm...> - 2015-01-22 20:18:08
On Fri, Jan 16, 2015 at 2:53 PM, David Weise <dw...@ri...> wrote:
> hi,
> It seems that denyhosts is not catching any root attempts on my rhel 6
> servers. The following appears in my /var/log/secure:
> ----------begin
> PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=hacker.domain.edu user=root
> Jan 16 13:47:21 www-usr sshd[17268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=hacker.domain.com user=root
> Jan 16 13:47:23 www-usr sshd[17268]: Failed password for root from 10.1.1.1 port 33096 ssh2
> Jan 16 13:47:25 www-usr sshd[17268]: Failed password for root from 10.1.1.1 port 33096 ssh2
> Jan 16 13:47:28 www-usr sshd[17268]: Failed password for root from 10.1.1.1 port 33096 ssh2
> Jan 16 13:47:28 www-usr sshd[17270]: Connection closed by
> ----------end
> I have no real grasp of regex in python. Can anybody help me out to
> formulate a regex statement?
> --David

Did you use the denyhosts package from epel for Redhat? It should come configured for the right settings. Most of the systems I have facing the public are on Debian so I can't think of one which would verify it is working OK on Redhat.

In any case, you can disable root access in sshd_config and make your system vastly more secure by requiring a login to a named account. That way the brute force hackers don't know two things: the user name and the password.

From: David W. <dw...@ri...> - 2015-01-16 19:18:30
hi,

It seems that denyhosts is not catching any root attempts on my rhel 6 servers. The following appears in my /var/log/secure:

----------begin
PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=hacker.domain.edu user=root
Jan 16 13:47:21 www-usr sshd[17268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=hacker.domain.com user=root
Jan 16 13:47:23 www-usr sshd[17268]: Failed password for root from 10.1.1.1 port 33096 ssh2
Jan 16 13:47:25 www-usr sshd[17268]: Failed password for root from 10.1.1.1 port 33096 ssh2
Jan 16 13:47:28 www-usr sshd[17268]: Failed password for root from 10.1.1.1 port 33096 ssh2
Jan 16 13:47:28 www-usr sshd[17270]: Connection closed by
----------end

I have no real grasp of regex in python. Can anybody help me out to formulate a regex statement?

--David

--
System Administrator
Rider University
2083 Lawrenceville Rd.
Lawrenceville, NJ 08648
(609)896-5000 x7439

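One way to do the comparison Jason suggests for Shiela's and David's reports, as an added example that is not part of the thread: run the posted log lines through a failed-login pattern, tally failures per host, and list the lines the pattern does not match. The regular expression is written for this example and is not DenyHosts' own pattern set; the thresholds are the values from the posted config, a host is assumed to be flagged once its count exceeds the threshold, and the last sample line is constructed.

```python
import re
from collections import Counter

# Illustrative pattern written for this example; DenyHosts ships its own
# regular expressions, which may differ between versions.
FAILED_LOGIN = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<host>\S+) port \d+"
)

# DENY_THRESHOLD_ROOT / _INVALID / _VALID as posted in the config above.
THRESHOLDS = {"root": 1, "invalid": 3, "valid": 5}

# Lines taken from the two reports on this page, plus one constructed
# "invalid user" line (the last one).
SAMPLE_LOG = """\
Apr 22 14:50:59 ===== sshd[28283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.21.198 user=root
Apr 22 14:51:01 ===== sshd[28283]: Failed password for root from 222.186.21.198 port 43316 ssh2
Apr 22 14:51:02 ===== unix_chkpwd[28291]: password check failed for user (root)
Apr 22 14:51:04 ===== sshd[28283]: Failed password for root from 222.186.21.198 port 43316 ssh2
Apr 22 14:51:06 ===== sshd[28283]: Failed password for root from 222.186.21.198 port 43316 ssh2
Jan 16 13:47:23 www-usr sshd[17268]: Failed password for root from 10.1.1.1 port 33096 ssh2
Jan 16 13:47:25 www-usr sshd[17268]: Failed password for root from 10.1.1.1 port 33096 ssh2
Jan 16 13:47:28 www-usr sshd[17268]: Failed password for root from 10.1.1.1 port 33096 ssh2
Jan 16 13:47:28 www-usr sshd[17270]: Connection closed by
Apr 22 14:52:10 ===== sshd[28301]: Failed password for invalid user admin from 198.51.100.23 port 50022 ssh2
"""


def classify(line):
    """Return (host, kind) for a failed-login line, or None if no match."""
    m = FAILED_LOGIN.search(line)
    if m is None:
        return None
    if m.group("invalid"):
        kind = "invalid"
    elif m.group("user") == "root":
        kind = "root"
    else:
        kind = "valid"
    return m.group("host"), kind


def triage(log_text, thresholds=THRESHOLDS):
    """Tally failures per (host, kind); report flagged hosts and unmatched lines."""
    counts = Counter()
    unmatched = []
    for line in log_text.splitlines():
        hit = classify(line)
        if hit is None:
            unmatched.append(line)
        else:
            counts[hit] += 1
    flagged = sorted(
        {host for (host, kind), n in counts.items() if n > thresholds[kind]}
    )
    return counts, flagged, unmatched


if __name__ == "__main__":
    counts, flagged, unmatched = triage(SAMPLE_LOG)
    for (host, kind), n in sorted(counts.items()):
        print("%-16s %-8s %d" % (host, kind, n))
    print("over threshold:", flagged)
    print("lines the pattern did not match:")
    for line in unmatched:
        print("  " + line)
```

The unmatched lines are the ones to check against the patterns of the installed DenyHosts version: a failure that sshd logs only in a form the pattern set does not cover is never counted.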
From: Tom B. <tr...@no...> - 2015-01-01 14:43:03
Hello -

I recently enabled Sync on my amazon ec2 Ubuntu 14.04 LTS instance and have been getting errors with the sync process. Basically all I get is:

2015-01-01 09:32:57,980 - sync : ERROR 'SYNC_PROXY_SERVER'
2015-01-01 09:32:57,980 - sync : ERROR Could not initiate xmlrpc connection

I am running on EC2, so I wasn’t sure if I needed to open a port or not on its security. I added a generic udp and tcp connection to the 9911 port, but no change.

From the command line I can curl the URL http://xmlrpc.denyhosts.net:9911 and I get the ‘this is not a webpage’ response, so when I do it from the terminal command line it works (I think).

Anything dumb I’m missing? I googled for a while and didn’t find anything mentioning what I’m experiencing.

Thanks

From: Chuck G. <ch...@ch...> - 2014-11-16 17:12:48
Recently installed latest denyhosts on Ubuntu 14.04. It's working except for syncing. Was unable to find anybody else with the same problem through Googling. I do have this in the config file:

SYNC_SERVER = http://xmlrpc.denyhosts.net:9911

2014-11-16 08:11:37,761 - sync : ERROR 'SYNC_PROXY_SERVER'
2014-11-16 08:11:37,762 - sync : ERROR Could not initiate xmlrpc connection
2014-11-16 09:11:39,813 - sync : ERROR 'SYNC_PROXY_SERVER'
2014-11-16 09:11:39,814 - sync : ERROR Could not initiate xmlrpc connection
2014-11-16 09:36:40,629 - denyhosts : INFO Creating new firewall rule /sbin/iptables -I INPUT -s 189.203.240.60 -j DROP
2014-11-16 09:36:40,762 - denyhosts : INFO new denied hosts: ['189.203.240.60']
2014-11-16 10:13:49,385 - sync : ERROR 'SYNC_PROXY_SERVER'
2014-11-16 10:13:49,385 - sync : ERROR Could not initiate xmlrpc connection
2014-11-16 11:13:52,165 - sync : ERROR 'SYNC_PROXY_SERVER'
2014-11-16 11:13:52,166 - sync : ERROR Could not initiate xmlrpc connection

From: Doug N. <dou...@gm...> - 2014-09-25 19:22:33
Thanks Richard, this does appear to be the issue:

# ls -lZ hosts.*
-rw-r--r--. root root system_u:object_r:etc_t:s0 hosts.allow
-rw-r--r--. root root unconfined_u:object_r:etc_t:s0 hosts.deny

I’ll have to investigate how to fix this!

Cheers,

Doug

On Sep 25, 2014, at 11:09 AM, Richard Holbert <ric...@ch...> wrote:
> Is your system running SELinux? Try running ls -lZ to display the SELinux security context for these files.

From: Jason L T. I. <ti...@ma...> - 2014-09-25 18:45:53
>>>>> "DN" == Doug Niven <dou...@gm...> writes:

DN> Hi Folks, I’ve updated denyhosts on a Centos 6.5 machine to 2.6-19
DN> and for some reason it can’t write to /etc/hosts.deny, even though
DN> it’s running as a daemon and as root:

selinux, perhaps? If you run

setenforce 0

and it starts working, then that's your answer. Then turn selinux back on (setenforce 1), make it fail and run

ausearch -m avc -ts recent

and see what denials you get.

- J<

From: Doug N. <dou...@gm...> - 2014-09-25 16:10:40
Hi Folks,

I’ve updated denyhosts on a Centos 6.5 machine to 2.6-19 and for some reason it can’t write to /etc/hosts.deny, even though it’s running as a daemon and as root:

$ ps auxwww|grep deny
root 18197 0.0 0.0 188756 6300 ? S 09:00 0:00 /usr/bin/python /usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf

$ sudo service denyhosts start
Starting denyhosts: [Errno 13] Permission denied: '/etc/hosts.deny'

# ls -l /etc/host*
-rw-r--r--. 1 root root 9 Oct 2 2013 /etc/host.conf
-rw-r--r--. 2 root root 265 Nov 7 2012 /etc/hosts
-rw-r--r--. 1 root root 497 Apr 8 13:44 /etc/hosts.allow
-rw-r--r--. 1 root root 1858 Sep 25 08:10 /etc/hosts.deny

Ideas, suggestions?

Best,

Doug

From: Daniel N. <da...@da...> - 2014-06-05 15:30:16
And ipv6?

On June 2, 2014 7:48:03 AM CDT, Jesse Smith <jes...@ya...> wrote:
> I did read through the posts about tcp_wrappers. Which is why I hope to
> have a firewall-level solution in place in the near future. It is my
> hope to have support for iptables and pf soon.
>
> Jesse

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

From: Jesse S. <jes...@ya...> - 2014-06-03 14:20:11
|
On 14-06-03 10:55 AM, Eugene Vilensky wrote:
>
> On Mon, Jun 2, 2014 at 7:48 AM, Jesse Smith <jes...@ya...
> <mailto:jes...@ya...>> wrote:
>
>     Which is why I hope to
>     have a firewall-level solution in place in the near future. It is my
>     hope to have support for iptables and pf soon.
>
>
> Isn't fail2ban exactly this?
> https://github.com/fail2ban/fail2ban
>

Fail2Ban is a similar tool. It is not exactly the same, but there is feature overlap. I'm not sure what your point is?
From: Eugene V. <evi...@gm...> - 2014-06-03 13:55:44
|
On Mon, Jun 2, 2014 at 7:48 AM, Jesse Smith <jes...@ya...> wrote:

> Which is why I hope to
> have a firewall-level solution in place in the near future. It is my
> hope to have support for iptables and pf soon.
>

Isn't fail2ban exactly this?
https://github.com/fail2ban/fail2ban
From: Jesse S. <jes...@ya...> - 2014-06-02 12:48:13
|
I did read through the posts about tcp_wrappers. Which is why I hope to have a firewall-level solution in place in the near future. It is my hope to have support for iptables and pf soon.

Jesse

On 14-06-02 12:08 AM, Daniel Norton wrote:
> You might want to review the archives about dependencies on tcp_wrappers
> and the end-of-life for tcp_wrappers.
>
> On Jun 1, 2014, at 6:09 PM, Jesse Smith <jes...@ya...
> <mailto:jes...@ya...>> wrote:
>
>> DenyHosts users and developers,
>>
>> As it appears as though DenyHosts is no longer being actively maintained
>> and I have not been able to get in contact with the original author, I
>> have decided to fork the DenyHosts project.
>>
>> The new project, DenyHost [1] picks up where DenyHosts 2.6 left off. I
>> have applied the available patches from Debian and FreeBSD. I am
>> currently working my way through the Debian and Fedora bug reports to
>> try to fix existing problems. I am also applying patches people have
>> kindly volunteered and posted to the DenyHosts SF forum.
>>
>> If anyone here would like to get involved, please drop me a line, I can
>> always use more help. Also, please feel free to check out the new git
>> repository [2] and send me patches for fixes/features.
>>
>> My long-term goals include getting the new DenyHost into the various
>> Linux distributions, add/improve support for firewall level filtering
>> and improve systemd support.
>>
>> Best regards,
>> Jesse Smith
>> jes...@ya... <mailto:jes...@ya...>
>>
>> [1] http://denyhost.sourceforge.net/
>> [2] git clone git://git.code.sf.net/p/denyhost/code denyhost-code
From: Daniel N. <da...@da...> - 2014-06-02 03:24:27
|
You might want to review the archives about dependencies on tcp_wrappers and the end-of-life for tcp_wrappers.

On Jun 1, 2014, at 6:09 PM, Jesse Smith <jes...@ya...> wrote:

> DenyHosts users and developers,
>
> As it appears as though DenyHosts is no longer being actively maintained
> and I have not been able to get in contact with the original author, I
> have decided to fork the DenyHosts project.
>
> The new project, DenyHost [1] picks up where DenyHosts 2.6 left off. I
> have applied the available patches from Debian and FreeBSD. I am
> currently working my way through the Debian and Fedora bug reports to
> try to fix existing problems. I am also applying patches people have
> kindly volunteered and posted to the DenyHosts SF forum.
>
> If anyone here would like to get involved, please drop me a line, I can
> always use more help. Also, please feel free to check out the new git
> repository [2] and send me patches for fixes/features.
>
> My long-term goals include getting the new DenyHost into the various
> Linux distributions, add/improve support for firewall level filtering
> and improve systemd support.
>
> Best regards,
> Jesse Smith
> jes...@ya...
>
> [1] http://denyhost.sourceforge.net/
> [2] git clone git://git.code.sf.net/p/denyhost/code denyhost-code
From: Jesse S. <jes...@ya...> - 2014-06-01 23:09:11
|
DenyHosts users and developers,

As it appears as though DenyHosts is no longer being actively maintained and I have not been able to get in contact with the original author, I have decided to fork the DenyHosts project.

The new project, DenyHost [1] picks up where DenyHosts 2.6 left off. I have applied the available patches from Debian and FreeBSD. I am currently working my way through the Debian and Fedora bug reports to try to fix existing problems. I am also applying patches people have kindly volunteered and posted to the DenyHosts SF forum.

If anyone here would like to get involved, please drop me a line, I can always use more help. Also, please feel free to check out the new git repository [2] and send me patches for fixes/features.

My long-term goals include getting the new DenyHost into the various Linux distributions, add/improve support for firewall level filtering and improve systemd support.

Best regards,
Jesse Smith
jes...@ya...

[1] http://denyhost.sourceforge.net/
[2] git clone git://git.code.sf.net/p/denyhost/code denyhost-code
From: Jason L T. I. <ti...@ma...> - 2014-04-27 18:01:22
|
>>>>> "JK" == Jerry Kemp <app...@or...> writes:

JK> I was unaware that OpenSSH was dropping support for tcpwrappers.

It was just discussed on their development mailing list. This comes on the heels of Fedora's discussion of removing tcp_wrappers from the distribution, so I imagine I'll be dropping denyhosts from Fedora in any case.

JK> Do you know, is this a firm thing? Or just a possible plan?

Well, there was some objection but the developers seem pretty convinced that it needs to go. I don't disagree with them; the tcp_wrappers code is pretty terrible and has been abandoned for something like 17 years.

JK> I wonder if there is anything we can do as end users to help reverse
JK> this decision.

Well, you can carry local patches if you want, spearhead some effort to write some tcp_wrappers-compatible library that isn't so scary from a security standpoint, adapt denyhosts to use some other mechanism (like the host's firewall, which is the proper place to do this), use some other software that still works (fail2ban) or simply fail to adapt and run outdated software. Or I guess you could complain to the openssh developers that you don't want anything to change except their minds and hope they listen to you.

I know which direction I'm going.

 - J<
From: Jerry K. <app...@or...> - 2014-04-26 16:54:38
|
Hello Jason,

Thank you for your post.

I was unaware that OpenSSH was dropping support for tcpwrappers. Now I need to go and read up on this.

Do you know, is this a firm thing? Or just a possible plan?

I wonder if there is anything we can do as end users to help reverse this decision.

Jerry

On 04/26/14 11:08 AM, Jason L Tibbitts III wrote:
> So, with OpenSSH deciding to drop tcpwrappers support, there doesn't
> appear to be too much future for denyhosts unless someone does the work
> to make it either generate firewall rules or generate whatever sshd
> configuration is needed to make use of its internal host matching
> logic. (Though the latter really isn't preferable since it will reject
> the connection much later in the negotiation process.)
>
> Doing the firewall thing basically leaves denyhosts in the same boat as
> fail2ban, except that fail2ban does more than ssh, supports the systemd
> journal on Linux distros that use it, and seems to be actively
> developed.
>
> Due to this I will probably drop denyhosts from Fedora. I haven't been
> the best maintainer in any case but there is no point in keeping the
> software around if it doesn't do much of anything.
>
> - J<
>
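Added example, not part of any message in this thread and not DenyHosts code: one way the firewall-level approach discussed above (generating firewall rules instead of relying on tcp_wrappers, with IPv6 covered) could consume an existing hosts.deny. It assumes one "daemon: client" entry per line, ipset used with iptables/ip6tables, and hypothetical set names denyhosts4/denyhosts6; the sample input is constructed.

```python
import ipaddress

# Constructed sample in the "daemon: client" form; not real data.
SAMPLE_HOSTS_DENY = """\
# DenyHosts: constructed sample
sshd: 192.0.2.10
sshd: 198.51.100.7
ALL: [2001:db8::bad]
sshd: 203.0.113.0/255.255.255.0
sshd: .example.net
sshd: 192.0.2.10
sshd: 192.0.2.300
"""

def parse_hosts_deny(text, services=("sshd", "ALL")):
    """Return (v4, v6, skipped): validated networks and entries left alone."""
    v4, v6, skipped = set(), set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        daemon, _, client = (p.strip() for p in line.partition(":"))
        if not client or daemon not in services:
            continue
        try:
            # tcp_wrappers writes IPv6 literals in brackets: [2001:db8::1]
            net = ipaddress.ip_network(client.strip("[]"), strict=False)
        except ValueError:
            skipped.append(client)  # hostname patterns, wildcards, malformed
            continue
        (v4 if net.version == 4 else v6).add(net)
    return sorted(v4), sorted(v6), skipped

def ipset_restore_script(v4, v6, prefix="denyhosts"):
    """Build input for `ipset restore`, one set per address family."""
    lines = []
    for family, suffix, nets in (("inet", "4", v4), ("inet6", "6", v6)):
        lines.append(f"create {prefix}{suffix} hash:net family {family}")
        lines.extend(f"add {prefix}{suffix} {net}" for net in nets)
    return "\n".join(lines) + "\n"

def firewall_rules(prefix="denyhosts", port=22):
    """argv lists for the single rule per family that references each set."""
    return [[tool, "-I", "INPUT", "-p", "tcp", "--dport", str(port), "-m", "set",
             "--match-set", prefix + suffix, "src", "-j", "DROP"]
            for tool, suffix in (("iptables", "4"), ("ip6tables", "6"))]

if __name__ == "__main__":
    v4, v6, skipped = parse_hosts_deny(SAMPLE_HOSTS_DENY)
    print(ipset_restore_script(v4, v6), firewall_rules(), skipped, sep="\n")
```

The generated text is meant to be piped to `ipset -exist restore` so that re-running it is harmless; the two rules are inserted once, and later bans only change set membership. Entries that are not literal addresses or networks are returned in the skipped list rather than passed to the firewall.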