[arch-general] bftp & denyhosts
Sergey Manucharian
sergeym at rmico.com
Sun Oct 12 19:18:20 EDT 2008
Hi folks,
I run the bftp server, and since sometimes bad boys try to brake in
scanning usernames/passwords I also run denyhosts daemon. It puts a
suspicious IP address into /etc/hosts.deny after 5 attempts to login
using unexciting username and so on. Today I've noticed that every few
second somebody tries to login:
# tail /var/log/bftpd.log
.....
Sun Oct 12 16:58:21 2008 /usr/sbin/bftpd[24254]: Incoming connection
from 200.175.254.59.
Sun Oct 12 16:58:21 2008 /usr/sbin/bftpd[24254]: Login as user
'Administrator' failed.
Sun Oct 12 16:58:21 2008 /usr/sbin/bftpd[24254]: Quitting.
Sun Oct 12 16:58:21 2008 /usr/sbin/bftpd[24260]: Incoming connection
from 200.175.254.59.
Sun Oct 12 16:58:22 2008 /usr/sbin/bftpd[24260]: Login as user
'Administrator' failed.
Sun Oct 12 16:58:22 2008 /usr/sbin/bftpd[24260]: Quitting.
But the IP address is already blacklisted 4 days ago:
# grep 200.175.254.59 /etc/hosts.deny
# DenyHosts: Wed Oct 8 13:01:55 2008 | ALL: 200.175.254.59
ALL: 200.175.254.59
How it it can happen?
Thanks for ideas.
Sergey.
More information about the arch-general
mailing list