View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions getting denyhost hits from other linode users
Log in to Ask a Question

getting denyhost hits from other linode users

general

I've noticed my denyhosts setup is blocking some other linode users. Since this can only happen after x number of invalid SSH login attempts, what is the best approach according to the community for dealing with this?

1. ignore it and let denyhosts do its job

2. warn the other linode users their site(s) might be compromised

3. file a report with linode

I'm inclined to pick 1, because I don't have time to mess with it, but if there is a strong community sense of self-policing these kinds of thing, I'd be happy to contribute.

cheers!

9 Replies

Send the log snippet to abuse@linode.com

Either those systems are compromised - or the owners are morons to sh*t in their own backyard.

Either way they need to be cleaned up.

@vonskippy:

Send the log snippet to abuse@linode.com

Either those systems are compromised - or the owners are morons to sh*t in their own backyard.

Either way they need to be cleaned up.
+1 - they are shtting in our* back yard.

Okay, I gather the relevant logs and forward them on :)

assuming the ssh login attempts are coming from the local network you should add a firewall rule to block ssh/telnet traffic.

else fail2ban or denyhosts is perfect… oh and reporting is always nice.

fail2ban etc… waste of resources. Just move ssh away from port 22. You can still keep logging syn packets incoming at port 22 if you wish to file reports.

actually, we only allow key-based authentication, but we keep denyhosts on, to trigger complete service bans. I know it is mostly futile in the big scheme of things, but it does provide a curious diversion from time to time.

+1 for abuse@linode.com, they're very responsive.

make sure to include src & dest IPs as well.

Yes, they responded right away and in fact, they had already been alerted earlier about the trouble boxes and had already been working with them to address the issue. I was very impressed! :D

@waynemr:

Yes, they responded right away

Always reassuring to know, After reading this i installed DenyHost and im hoping nothing like this happens to me!

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct