Questions tagged [denyhosts]

DenyHosts is a log-based intrusion prevention security tool for SSH servers written in Python. It identifies brute force attacks and bans access using tcp_wrappers, and in recent versions iptables.

30 questions
65 votes, 11 answers

Denyhosts vs fail2ban vs iptables- best way to prevent brute force logons?

I'm setting up a LAMP server and need to prevent SSH/FTP/etc. brute-force logon attempts from succeeding. I've seen many recommendations for both denyhosts and fail2ban, but few comparisons of the two. I also read that an IPTables rule can fill the…
spiffytech
10 votes, 4 answers

How to block all root login attempts using denyhosts and or fail2ban?

I currently block all ssh logins using root. But I wanted to go the extra mile and block the ip address of the client who tried to login as root. I currently have denyhosts and fail2ban setup and working, can I use denyhosts and or fail2ban to block…
samwell
6 votes, 4 answers

How to delete ip address from denyhosts

I was experimenting with denyhosts from my home computer and now it has blocked my IP address and put it in /etc/hosts.deny. Now my IP is not static and it changes every week so I can have fixed IP in hosts.allow. I tried manually deleting that IP from…
John
6 votes, 6 answers

fail2ban and denyhosts constantly ban me on Ubuntu

I just got an Ubuntu instance on Linode. To secure the SSH on it, I installed fail2ban (using apt-get), but then had a problem: fail2ban kept banning my IP (for limited durations, thankfully) even though I was entering the correct password. So I…
Trey Parkman
5 votes, 4 answers

Any point using Denyhosts for SSH when only RSA key logins are allowed anyway?

Right, so if I can only SSH into my box by having the appropriate RSA keys configured, is there any point in using Denyhosts for SSH as well? Or is Denyhosts only looking at keyboard-interactive / password logins for SSH? Don't get me wrong,…
Dougal
4 votes, 3 answers

denyhosts ignoring /etc/hosts.allow

I'm running Ubuntu 13.10 (not LTS, I know...). I have denyhosts installed. I have /etc/hosts.deny and /etc/hosts.allow. I've added 2 IPs to hosts.allow (home + work). However, whenever I sign in from these IPs, I get an email telling me a suspicious…
Simon
4 votes, 1 answer

Looking to Block Large Number of IPs

We have a server that consistently gets pounded by people trying to break in. We have DenyHosts and Fail2Ban running on the server but it still gets a ton of traffic from people who are up to no good. My boss is finally tired of it, he went to…
user140816
4 votes, 1 answer

Denyhosts: Should I ever clear the denied IP hosts file?

This may not be a performance issue, but I have something like 110,000 ips blocked in hosts.deny (2 years of denyhosting). Should I ever clear hosts.deny? Does anyone have any experience with what happens when you do so?
Kzqai
3 votes, 1 answer

Can I use DenyHosts for a SMTP service

I would like to block some hosts that are brute forcing my SMTP server. I'm currently using DenyHosts for SSHD and was wondering if I can add the SMTP service too. It could be possible based on this…
2 votes, 3 answers

Solaris 11 sshd brute force protection. DenyHosts equivalent for Solaris 11

I'm getting regular attempts to brute force ssh on a x86 solaris 11.1 server. On linux I use DenyHosts to block connections after a number of incorrect login attempts. Is there a similar package for Solaris 11.1 or any recommendations on other…
dannix
2 votes, 1 answer

Why does my hosts.deny not work on OSX 10.8?

For testing it I added these four lines to my /etc/hosts.deny file: # /etc/hosts.deny ssh-agent:ALL sshd:ALL   I waited some time and then I tried to gain ssh access to the loop-back IP address. But I still get this: $ ssh root@localhost Password:…
Lenar Hoyt
2 votes, 1 answer

How should I manually add IP addresses to denyhosts?

I have a few IP addresses I want to add manually to denyhosts because they're huge sources of inbound spam. What's the best way to do this? Or should I not be messing with it? I want to manually add these to denyhosts, but I don't see a way to do…
Andy Lester
2 votes, 1 answer

What is the difference between using ipfw and hosts.deny in terms of security?

I'm in the middle of securing an OSX server that is the target of hundreds of automated requests per second from Chinese, Russian and US servers (see: Recovering a server from being an open relay). I've used ipfw to set up rules that exclude all but…
brass-kazoo
2 votes, 3 answers

DenyHosts - Everytime I block myself

Since I installed DenyHosts I get the error "ssh_exchange_identification" if I want to log in via ssh to my server. If I look up /etc/hosts.deny I find my IP inside there. How could I prevent my IP from being put in there every time?
Poru
1 vote, 1 answer

Configuring denyhosts to ignore cron-jobs

So I recently setup denyhosts for my personal server, and it's working fine, except for the fact that it seems to be processing every single cron session, rather than just external accesses. End result is that /var/log/auth.log is full of entries…
Haravikk