[rhn-users] I need help with hosts.deny - doesn't work asIexpected
Bill Watson
bill at magicdigits.com
Tue Mar 28 19:53:24 UTC 2006
I did a:
service vsftpd stop
service vsftpd start
and the non-stop hacking on vsftpd stopped. Could be one of 2 things, either
this solved my problem permanently, or stopping the service for a few
seconds caused his automatic hack program to hang. Dunno which for now, nor
know how to tell which did it. Is stuff nuked by hosts.deny logged
somewhere?
Thanks for you help!
Bill
-----Original Message-----
From: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com] On
Behalf Of Kvetch
Sent: Tuesday, March 28, 2006 11:26 AM
To: Red Hat Network Users List
Subject: Re: [rhn-users] I need help with hosts.deny - doesn't work
asIexpected
tcp wrappers are automatic and no service needs restarting. Try restarting
vsftd then try again.
If you have nothing in your hosts.allow and in your hosts.deny you have
ALL: 219.106.229.178 <http://219.106.229.178/>
ALL: 72.129.200.46 <http://72.129.200.46/>
ALL: 200.38.
ALL: 64.182.
It should block them.
Can you retest?
Nick Baronian
On 3/28/06, Bill Watson <bill at magicdigits.com> wrote:
Yes I do have tcp_wrappers=YES in vsftpd.conf
Bill
-----Original Message-----
From: rhn-users-bounces at redhat.com [mailto:
<mailto:rhn-users-bounces at redhat.com> rhn-users-bounces at redhat.com] On
Behalf Of Kvetch
Sent: Tuesday, March 28, 2006 10:56 AM
To: Red Hat Network Users List
Subject: Re: [rhn-users] I need help with hosts.deny - doesn't work as
Iexpected
Do you have
tcp_wrappers=YES
in your vsftpd.conf?
Nick Baronian
On 3/28/06, Bill Watson <bill at magicdigits.com <mailto:bill at magicdigits.com>
> wrote:
I have /etc/hosts.allow that has no entries. I have /etc/hosts.deny that
has:
ALL: 219.106.229.178
ALL: 72.129.200.46
ALL: 200.38.
ALL: 64.182.
>From my readings, I should not be getting any messages from 200.38.x.x, yet
my /var/log/messages shows:
Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: check pass; user
unknown
Mar 28 10:50:36 helmethouse vsftpd(pam_unix)[23790]: authentication failure;
log
name= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: check pass; user
unknown
Mar 28 10:50:40 helmethouse vsftpd(pam_unix)[23790]: authentication failure;
log
name= uid=0 euid=0 tty= ruser= rhost=200.38.16.6
And keeps going with a new entry every few seconds.
Is /etc/hosts.deny properly set up?
Is /etc/hosts.deny immediately active or must some service be restarted to
make it go?
Does vsftpd bypass /etc/hosts.deny?
Thanks!
Bill Watson
bill at magicdigits.com
_______________________________________________
rhn-users mailing list
rhn-users at redhat.com
https://www.redhat.com/mailman/listinfo/rhn-users
_______________________________________________
rhn-users mailing list
rhn-users at redhat.com
https://www.redhat.com/mailman/listinfo/rhn-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/rhn-users/attachments/20060328/78a7a56c/attachment.htm>
More information about the rhn-users
mailing list