LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-08-2013, 11:20 PM   #1
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 203

Rep: Reputation: 26
Question Please help me to understand this entry in /etc/hosts


Hi everyone,
I just checked my /etc/hosts.deny file and found that 2 entries have been added to it:
Code:
ALL:www.cjaas.com
ALL:122.139.60.134
Since I have not added those entries manually, I assume that some daemon must have done it. But which one and why?
I just checked and the IP 122.139.60.134 actually resolves to the domain www.cjaas.com.
According to the following sites
http://spawncamp.net/~jason/deniedhosts.html
http://www.dshield.org/ipinfo.html?ip=122.139.60.134
this IP is from China... should I assume some chinese has tried to break into my system?
 
Old 01-09-2013, 12:12 AM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,275

Rep: Reputation: 370Reputation: 370Reputation: 370Reputation: 370
Are you running any services on your system that are accessible to the outside world? The only daemon I know of personally that would do this is DenyHosts, which is meant to stop SSH brute force attacks. Do you have an SSH server and DenyHosts running on the machine?
 
1 members found this post helpful.
Old 01-09-2013, 12:54 AM   #3
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,800
Blog Entries: 4

Rep: Reputation: 286Reputation: 286Reputation: 286
I only can say that this IP has blocked and cannot access your system.
Well, I found one useful thread here: http://forums.devshed.com/bsd-help-3...ny-322368.html
Moreover, you can follow manual of hosts.deny for detailed info.
Ain't there firewall setting on this system?
 
1 members found this post helpful.
Old 01-09-2013, 06:36 AM   #4
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 203

Original Poster
Rep: Reputation: 26
Quote:
Originally Posted by btmiller View Post
Are you running any services on your system that are accessible to the outside world? The only daemon I know of personally that would do this is DenyHosts, which is meant to stop SSH brute force attacks. Do you have an SSH server and DenyHosts running on the machine?
Yes, I am running an SSH server on that server. It is accessible from the outside but it has been protected, i.e., root login is not allowed via SSH, normal user login is disabled after 3 unsuccessful attempts, and so forth. However, I had never heard about the DenyHosts daemon before.
 
Old 01-09-2013, 06:50 AM   #5
gacanepa
Member
 
Registered: May 2012
Location: San Luis, Argentina
Distribution: Debian
Posts: 203

Original Poster
Rep: Reputation: 26
Quote:
Originally Posted by shivaa View Post
I only can say that this IP has blocked and cannot access your system.
Well, I found one useful thread here: http://forums.devshed.com/bsd-help-3...ny-322368.html
Moreover, you can follow manual of hosts.deny for detailed info.
Ain't there firewall setting on this system?
That was really helpful, thank you! I will add to your reputation .
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
entry in /etc/hosts zafar466 Programming 1 06-09-2008 03:51 PM
/etc/hosts entry? batard Linux - Newbie 5 03-25-2005 02:22 PM
hosts MX entry twistedpair Linux - Networking 1 01-10-2004 04:01 AM
hosts entry for a lan unit with no dns entry linxtc Linux - Networking 1 10-03-2003 09:05 AM
Hmmm..Log Entry I Don't Understand Crashed_Again Linux - Security 1 05-19-2003 04:25 AM


All times are GMT -5. The time now is 02:54 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration