try testing using an IP you have access to.<br>You can log attempts by doing something like this in your wrappers<br><span class="e" id="q_10a426b17e7d401f_4"><span>ALL: <a href="http://219.106.229.178">219.106.229.178</a>
: spawn /bin/echo `/bin/date` access denied>>/var/log/messages : deny<br><br>I haven't done this in a while so you might want to do a google on logging tcp wrappers<br>If this doesn't give you what you want you might try using iptables, since wrappers only protects against services under xinetd.
<br><br>Nick Baronian<br><br><br></span></span><br><div><span class="gmail_quote">On 3/28/06, <b class="gmail_sendername">Bill Watson</b> <<a href="mailto:bill@magicdigits.com">bill@magicdigits.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div style="direction: ltr;">
<div><span><font color="#0000ff" face="Tahoma" size="4">I did
a:</font></span></div>
<div><span><font color="#0000ff" face="Tahoma" size="4">service vsftpd stop</font></span></div>
<div><span><font color="#0000ff" face="Tahoma" size="4">service vsftpd start</font></span></div>
<div><span><font color="#0000ff" face="Tahoma" size="4"></font></span> </div>
<div><span><font color="#0000ff" face="Tahoma" size="4">and
the non-stop hacking on vsftpd stopped. Could be one of 2 things, either this
solved my problem permanently, or stopping the service for a few seconds caused
his automatic hack program to hang. Dunno which for now, nor know how to tell
which did it. Is stuff nuked by hosts.deny logged somewhere?</font></span></div>
<div><span><font color="#0000ff" face="Tahoma" size="4"></font></span> </div>
<div><span><font color="#0000ff" face="Tahoma" size="4">Thanks for you help!</font></span></div>
<div><span><font color="#0000ff" face="Tahoma" size="4">Bill</font></span></div>
<blockquote style="margin-right: 0px;">
<div></div>
<div dir="ltr" align="left" lang="en-us"><font face="Tahoma" size="2"></font></div><font face="Tahoma" size="2"></font><div style="direction: ltr;"><span class="q"><font face="Tahoma" size="2">-----Original Message-----
<br><b>From:</b>
<a href="mailto:rhn-users-bounces@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">rhn-users-bounces@redhat.com</a> [mailto:<a href="mailto:rhn-users-bounces@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
rhn-users-bounces@redhat.com</a>] <b>On
Behalf Of </b>Kvetch<br></font></span></div><div style="direction: ltr;"><span class="e" id="q_10a426b17e7d401f_2"><font face="Tahoma" size="2"><b>Sent:</b> Tuesday, March 28, 2006 11:26
AM<br><b>To:</b> Red Hat Network Users List<br><b>Subject:</b> Re: [rhn-users]
I need help with hosts.deny - doesn't work asIexpected<br><br></font></span></div><div style="direction: ltr;"></div></blockquote></div><div style="direction: ltr;"><span class="e" id="q_10a426b17e7d401f_4">tcp
wrappers are automatic and no service needs restarting. Try restarting
vsftd then try again.<br>If you have nothing in your hosts.allow and in your
hosts.deny you have<br><br><span>ALL: <a href="http://219.106.229.178/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">219.106.229.178</a><br>ALL:<span style="text-decoration: underline;"> </span>
<a href="http://72.129.200.46/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">72.129.200.46</a><br>ALL:
200.38.<br>ALL: 64.182.</span><br><br>It should block them.<br>Can you
retest?<br>Nick Baronian<br><br><br>
<div><span class="gmail_quote">On 3/28/06, <b class="gmail_sendername">Bill
Watson</b> <<a href="mailto:bill@magicdigits.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">bill@magicdigits.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div style="direction: ltr;">
<div><span><font color="#0000ff" face="Tahoma" size="4">Yes I do have
tcp_wrappers=YES in vsftpd.conf</font></span></div></div>
<div style="direction: ltr;"><span>
<div><span><font color="#0000ff" face="Tahoma" size="4"></font></span> </div>
<div><span><font color="#0000ff" face="Tahoma" size="4">Bill</font></span></div></span></div>
<div style="direction: ltr;"><span>
<blockquote style="margin-right: 0px;">
<div></div>
<div dir="ltr" align="left" lang="en-us"><font face="Tahoma" size="2">-----Original
Message-----<br><b>From:</b> <a href="mailto:rhn-users-bounces@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">rhn-users-bounces@redhat.com</a> [mailto:<a href="mailto:rhn-users-bounces@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
rhn-users-bounces@redhat.com</a>] <b>On Behalf Of
</b>Kvetch<br><b>Sent:</b> Tuesday, March 28, 2006 10:56 AM<br><b>To:</b>
Red Hat Network Users List<br><b>Subject:</b> Re: [rhn-users] I need help
with hosts.deny - doesn't work as Iexpected<br><br></font></div>Do you
have <br>tcp_wrappers=YES<br>in your vsftpd.conf?<br><br>Nick
Baronian<br><br>
<div><span class="gmail_quote">On 3/28/06, <b class="gmail_sendername">Bill
Watson</b> <<a href="mailto:bill@magicdigits.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">bill@magicdigits.com
</a>> wrote:</span>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I
have /etc/hosts.allow that has no entries. I have /etc/hosts.deny that
<br>has:<br><br>ALL: <a href="http://219.106.229.178" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">219.106.229.178</a><br>ALL:
<a href="http://72.129.200.46" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">72.129.200.46</a><br>ALL:
200.38.<br>ALL: 64.182.<br><br>>From my readings, I should not be
getting any messages from 200.38.x.x, yet<br>my /var/log/messages
shows:<br>Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: check
pass; user<br>unknown<br>Mar 28 10:50:36 helmethouse
vsftpd(pam_unix)[23790]: authentication failure;<br>log<br>name= uid=0
euid=0 tty= ruser= rhost=<a href="http://200.38.16.6" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">200.38.16.6</a><br>Mar 28
10:50:40 helmethouse vsftpd(pam_unix)[23790]: check pass;
user<br>unknown<br>Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]:
authentication failure; <br>log<br>name= uid=0 euid=0 tty= ruser=
rhost=<a href="http://200.38.16.6" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">200.38.16.6</a><br><br>And keeps
going with a new entry every few seconds.<br><br>Is /etc/hosts.deny
properly set up?<br>Is /etc/hosts.deny immediately active or must some
service be restarted to <br>make it go?<br>Does vsftpd bypass
/etc/hosts.deny?<br><br>Thanks!<br>Bill Watson<br><a href="mailto:bill@magicdigits.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">bill@magicdigits.com</a><br><br><br>_______________________________________________
<br>rhn-users mailing list <br><a href="mailto:rhn-users@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">rhn-users@redhat.com</a><br><a href="https://www.redhat.com/mailman/listinfo/rhn-users" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
https://www.redhat.com/mailman/listinfo/rhn-users</a><br></blockquote></div><br></blockquote></span></div><br>_______________________________________________<br>rhn-users
mailing list<br><a href="mailto:rhn-users@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">rhn-users@redhat.com</a><br><a href="https://www.redhat.com/mailman/listinfo/rhn-users" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
https://www.redhat.com/mailman/listinfo/rhn-users</a><br><br></blockquote></div><br></span></div><div style="direction: ltr;">
</div><br>_______________________________________________<br>rhn-users mailing list<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:rhn-users@redhat.com">rhn-users@redhat.com</a><br><a onclick="return top.js.OpenExtLink(window,event,this)" href="https://www.redhat.com/mailman/listinfo/rhn-users" target="_blank">
https://www.redhat.com/mailman/listinfo/rhn-users</a><br><br></blockquote></div><br>