1

I am using denyhosts on my FreeBSD (6.2) box, and everything appears to be working fine, except denyhosts keeps adding the same 4 hosts to my denied file over and over.

eli18.internetdsl.tpnet.pl
mx-int.rundblick.de
vmnepo05.deri.ie
v29051.1blu.de

Has anyone else seen this, or better yet know how to fix it? I googled for this, and didn't find any answers. One person had a similar problem, but no solution.

Edit:

Just to clarify, I currently have denyhosts configured to write all denied hosts to /etc/hosts.deniedssh, and my /etc/hosts.allow uses that file in a rule to deny access to all hosts in that file. Denyhosts for whatever reason keeps adding the same four hosts to hosts.deniedssh.

Edit 2: Here are the relevant portions of my denyhosts.conf file

# Mandrake, FreeBSD or OpenBSD:
SECURE_LOG = /var/log/auth.log
# Most operating systems:
HOSTS_DENY = /etc/hosts.deniedssh
#######################################################################
#
# WORK_DIR: the path that DenyHosts will use for writing data to
# (it will be created if it does not already exist).
#
# Note: it is recommended that you use an absolute pathname
# for this value (eg. /home/foo/denyhosts/data)
#
WORK_DIR = /usr/local/share/denyhosts/data

Additionally, the four hosts in question are nowhere to be found in my /var/log/auth.log file (at least not the most current one).

grieve

4 Answers

1

Sounds to me like denyhosts is checking one file for its lists of hosts being denied (/etc/hosts.deny maybe?) but writing out newly denied hosts to /etc/hosts.deniedssh; since they're not the same, it never 'realizes' that they've already been added so it keeps re-adding them.

How did you get it to write to /etc/hosts.deniedssh?

pjz
0

They're obviously causing problems, so if it's always the same 4 people just permanently block them using your firewall?

Adam Gibbins
  • Well, denyhosts is adding them to a list for tcpwrappers, which should block them. The question is why does it keep adding them to that list over and over? – grieve Jun 03 '09 at 14:45
0

Have you tried adding the hosts to /etc/hosts.allow?

Also, denyhosts has its own internal cache, and if you edit hosts.deny without stopping denyhosts first, it will simply overwrite your changes after a minute or so.

user1686
  • I currently have denyhosts configured to write all denied hosts to /etc/hosts.deniedssh, and my /etc/hosts.allow uses that file in a rule to deny access to all hosts in that file. Denyhosts for whatever reason keeps adding the same four hosts to hosts.deniedssh. – grieve Jun 03 '09 at 16:12
  • Then either you don't stop denyhosts before removing it, or the host is simply triggering denyhosts over and over. – user1686 Jun 03 '09 at 16:56
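
An added diagnostic (not from any poster in this thread, and not part of DenyHosts) for the two things the discussion above turns on: how often each host is repeated in the deny file, and whether it appears in the log DenyHosts reads. It assumes one entry per line, bare or as `service: host`; `deny_report`, `deny_report_demo` and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed deny-file format: one entry per line, either a bare
# host or "service: host"; '#' starts a comment.

# deny_report DENY_FILE LOG_FILE
# Prints "COUNT HOST in-log|not-in-log" per distinct host, most repeated first.
# Caveat: the log may record an address where the deny file holds a name, so
# "not-in-log" means "check by IP as well", not "never seen".
deny_report() {
    deny_file=$1
    log_file=$2
    # Drop comments, strip an optional "service: " prefix, trim whitespace.
    sed -e 's/#.*//' \
        -e 's/^[^:[:space:]]*:[[:space:]][[:space:]]*//' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$deny_file" |
    grep -v '^$' | sort | uniq -c | sort -rn |
    while read -r count host; do
        # -F: literal match, -w: whole word, so 192.0.2.7 != 192.0.2.77
        if grep -Fwq -- "$host" "$log_file"; then
            seen=in-log
        else
            seen=not-in-log
        fi
        printf '%s %s %s\n' "$count" "$host" "$seen"
    done
}

# Runs deny_report over constructed sample files (not real log data).
deny_report_demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/deny" <<'EOF'
# constructed sample deny file
a.example.net
sshd: 192.0.2.7
a.example.net
a.example.net
192.0.2.7
EOF
    cat > "$tmp/auth.log" <<'EOF'
Jun  3 14:40:01 box sshd[411]: Failed password for root from 192.0.2.7 port 4022 ssh2
Jun  3 14:41:09 box sshd[415]: Failed password for root from 192.0.2.77 port 4023 ssh2
EOF
    deny_report "$tmp/deny" "$tmp/auth.log"
    rm -rf "$tmp"
}
# On the setup in the question: deny_report /etc/hosts.deniedssh /var/log/auth.log
```

A host with a count above 1 that is reported as not-in-log is being re-added from somewhere other than the current log, which is the case the question describes.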
0

You can add hosts/IPs to /var/lib/denyhosts/allowed-hosts to prevent them from ever being added no matter how many logins they fail.

Stick