I'm copying this bug report as it has been closed on the Debian issue list without being solved. This issue is also affecting me on Ubuntu Server 13.10.
See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729322 for original report.
Package: denyhosts
Version: 2.6-10
I am observing spurious "suspicious login" warnings from DenyHosts after
a recent upgrade of one of my servers to Ubuntu 13.10. The logins that
are causing warnings are in fact not what falls under DenyHosts'
definition of "suspicious" [1]. I think this is relevant for the
denyhosts package in Debian, so that's why I am reporting it here
instead of at Launchpad (package is unmodified in Ubuntu). The package
was not changed in the upgrade, but Python was upgraded from v2.7.4 to
v2.7.5.
[1] http://denyhosts.sourceforge.net/faq.html#3_20 (see description for
"suspicious-logins").
I took a look at the code, and it looks like a hidden bug that is now
causing problems when using the newer Python version.
The code in "DenyHosts/loginattempt.py", on line 78, compares a Python
class instance directly to an integer (to check if an attempt count is
above a threshold). Python docs state that such ordering is arbitrary,
but consistent [2]. (The relevant classes are found in
"DenyHosts/counter.py".) So a change in Python version may cause
different results in the comparison I guess.
[2] http://docs.python.org/2/library/stdtypes.html#comparisons
Here's a test between Python 2.7.3 and 2.7.5 which demonstrates how
comparison behaviour can change, and thus why this bug is suddenly
visible in denyhosts without any changes to the package itself:
Python 2.7.5+ (default, Sep 19 2013, 13:48:49)
[GCC 4.8.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> class Test: pass
...
>>> Test() > 5
True

Python 2.7.3 (default, Sep 26 2013, 20:03:06)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> class Test: pass
...
>>> Test() > 5
False
Now the comparison yields 'True' and causes false warnings. I think the
code in is not making sense and that it's a bug.
I am attaching a patch against denyhosts-2.6.orig.tar.gz which fixes the
problem for me and also corrects the doc string for class Counter in
"DenyHosts/counter.py". Please take a look and consider fixing it in the
package.
[denyhosts-fix-suspicious-comparison.patch (text/x-diff, inline)]
diff -uNr DenyHosts-2.6.orig/DenyHosts/counter.py DenyHosts-2.6/DenyHosts/counter.py
--- DenyHosts-2.6.orig/DenyHosts/counter.py 2006-02-09 02:17:24.000000000 +0100
+++ DenyHosts-2.6/DenyHosts/counter.py 2013-11-11 19:38:22.139460660 +0100
@@ -43,8 +43,8 @@
class Counter(dict):
"""
- Behaves like a dictionary, except that if the key isn't found, 0 is returned
- rather than an exception. This is suitable for situations like:
+ Behaves like a dictionary, except that if the key isn't found, a new instance of CounterRecord
+ is returned rather than an exception being raised. This is suitable for situations like:
c = Counter()
c['x'] += 1
"""
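Review bot: in the rewritten docstring, the retained example "c['x'] += 1" now reads as adding 1 to a CounterRecord rather than to 0, so the text should also say that CounterRecord accepts "+=" with an integer and how the integer count is read back out of it. A reader who still assumes "c['x']" is a plain int is making the same assumption that produced the instance-versus-integer comparison described in the report. The two added lines are also much longer than the lines they replace and could be rewrapped to match the rest of the docstring.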
diff -uNr DenyHosts-2.6.orig/DenyHosts/loginattempt.py DenyHosts-2.6/DenyHosts/loginattempt.py
--- DenyHosts-2.6.orig/DenyHosts/loginattempt.py 2006-05-21 02:58:56.000000000 +0200
+++ DenyHosts-2.6/DenyHosts/loginattempt.py 2013-11-11 16:38:23.461590916 +0100
@@ -75,7 +75,7 @@
self.__abusive_hosts_invalid[host].reset_count()
Thank you.
Øyvind Stegard
http://stegard.net/
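The comparison problem described in the report above, as an added example that is not part of the original report or of the DenyHosts code: it compares the integer count instead of the record object, and shows a record type whose ordering against integers is defined explicitly. BareRecord, OrderedRecord, raw_compare, over_threshold, flagged_hosts and the sample counts are hypothetical names and constructed data; on Python 3 the raw comparison raises TypeError instead of returning an arbitrary value.

```python
import functools


class BareRecord(object):
    """Hypothetical counter record with no comparison methods defined."""

    def __init__(self, count=0):
        self.count = count


@functools.total_ordering
class OrderedRecord(BareRecord):
    """Same record, with ordering against integers defined explicitly."""

    def _as_int(self, other):
        if isinstance(other, BareRecord):
            return other.count
        return other if isinstance(other, int) else None

    def __eq__(self, other):
        value = self._as_int(other)
        return NotImplemented if value is None else self.count == value

    def __lt__(self, other):
        value = self._as_int(other)
        return NotImplemented if value is None else self.count < value


def raw_compare(record, threshold):
    """Evaluate `record > threshold` and report what the interpreter does."""
    try:
        return record > threshold
    except TypeError:  # Python 3 refuses to order unrelated types
        return "TypeError"


def over_threshold(record, threshold):
    """Compare the integer count, never the record object itself."""
    return record.count > threshold


# Constructed sample data: failed-login counts per host (documentation IPs).
ATTEMPTS = {"192.0.2.10": 0, "198.51.100.7": 9}
THRESHOLD = 5


def flagged_hosts(record_type):
    """Hosts whose count exceeds THRESHOLD, using the explicit comparison."""
    records = {host: record_type(n) for host, n in ATTEMPTS.items()}
    return sorted(h for h, r in records.items() if over_threshold(r, THRESHOLD))
```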
I know that unfortunately Debian (and subsequently Debian derivatives such as Ubuntu) have removed DenyHosts from their repositories due to lack of development, but I want to thank you for this patch because I still prefer to use DenyHosts and it was annoying to constantly receive emails reporting false suspicious logins.
I have tested this patch on several machines and it fixes the issue--thanks!!
Last edit: Jared Fernandez 2014-06-16
This bug tracker appears no longer monitored. Please see https://github.com/denyhosts/denyhosts/issues/16