Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 09-10-2006, 07:07 PM   #1
Registered: May 2006
Posts: 38

Rep: Reputation: 15
Growing ever concerned about attacks on SSH

Over the past few weeks I noticed many failed logins from various IPs on Samba and SSHD. After advice given on here I was pointed towards DenyHosts which seemed to be doing its job correctly. I've checked my roots mail just and I see.

PHP Code:
Connections Denied:
lib/access.c:check_access(328) 1 Time(s)
lib/access.c:check_access(328) 1 Time(s)
lib/access.c:check_access(328) 2 Time(s)
lib/access.c:check_access(328) 3 Time(s)
lib/access.c:check_access(328) 2 Time(s)
lib/access.c:check_access(328) 5 Time(s)
lib/access.c:check_access(328) 2 Time(s)
lib/access.c:check_access(328) 2 Time(s)
lib/access.c:check_access(328) 2 Time(s)
lib/access.c:check_access(328) 2 Time(s)
lib/access.c:check_access(328) 1 Time(s)
lib/access.c:check_access(328) 1 Time(s)
lib/access.c:check_access(328) 1 Time(s)
lib/access.c:check_access(328) 1 Time(s)
lib/access.c:check_access(328) 1 Time(s)
lib/access.c:check_access(328) 2 Time(s)
lib/access.c:check_access(328) 2 Time(s)
lib/access.c:check_access(328) 2 Time(s)
smbd/process.c:process_smb(110387.10.29.244 1 Time(s)
smbd/process.c:process_smb(110387.10.84.135 1 Time(s)
smbd/process.c:process_smb(110387.107.226.158 2 Time(s)
smbd/process.c:process_smb(110387.110.74.5 3 Time(s)
smbd/process.c:process_smb(110387.120.52.16 2 Time(s)
smbd/process.c:process_smb(110387.123.100.35 5 Time(s)
smbd/process.c:process_smb(110387.234.207.220 2 Time(s)
smbd/process.c:process_smb(110387.24.216.19 2 Time(s)
smbd/process.c:process_smb(110387.242.27.152 2 Time(s)
smbd/process.c:process_smb(110387.243.150.66 2 Time(s)
smbd/process.c:process_smb(110387.247.167.157 1 Time(s)
smbd/process.c:process_smb(110387.3.131.207 1 Time(s)
smbd/process.c:process_smb(110387.51.244.250 1 Time(s)
smbd/process.c:process_smb(110387.53.254.231 1 Time(s)
smbd/process.c:process_smb(110387.64.26.202 1 Time(s)
smbd/process.c:process_smb(110387.7.177.206 2 Time(s)
smbd/process.c:process_smb(110387.78.86.12 2 Time(s)
smbd/process.c:process_smb(110387.8.144.98 2 Time(s
But DenyHosts doesn't seem to have blocked any of the IPs. Is there any other cautions I can take to stop unwanted access besides DenyHosts?

Thanx in advance,
Old 09-11-2006, 03:33 AM   #2
Senior Member
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
I don't know what your exact requirements are, but I suggest considering (to the extent feasible) trying to block access at the firewall.
Old 09-11-2006, 04:34 AM   #3
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547
@impulse(): If you made certain DenyHosts didn't block those you probably made a mistake configuring it. If it has problems you can't fix it would be good to inform its developer or maintainer. Next read the sticky thread "Failed SSH login attempts" in this forum for an overview of other software with similar capabilities.

@blackhole54: spastic post button behaviour is a clientside problem. No software will ever be able to compensate for that. If you "think" the button does not respond please *wait* a minute or so.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Preventing SSH Dictionary Attacks With DenyHosts LXer Syndicated Linux News 0 02-19-2006 12:01 PM
New and concerned- FW question aquaboot Linux - Security 3 08-17-2005 06:46 PM
should i be concerned (defragment?)... marsques Slackware 6 01-13-2005 01:10 AM
Should I be concerned? LinuxBAH Linux - Security 8 02-07-2004 01:24 PM
should i be concerned Zaius Linux - Newbie 3 01-26-2004 03:40 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:37 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration