Hi folks, I run the bftp server, and since sometimes bad boys try to brake in scanning usernames/passwords I also run denyhosts daemon. It puts a suspicious IP address into /etc/hosts.deny after 5 attempts to login using unexciting username and so on. Today I've noticed that every few second somebody tries to login: # tail /var/log/bftpd.log ..... Sun Oct 12 16:58:21 2008 /usr/sbin/bftpd[24254]: Incoming connection from 200.175.254.59. Sun Oct 12 16:58:21 2008 /usr/sbin/bftpd[24254]: Login as user 'Administrator' failed. Sun Oct 12 16:58:21 2008 /usr/sbin/bftpd[24254]: Quitting. Sun Oct 12 16:58:21 2008 /usr/sbin/bftpd[24260]: Incoming connection from 200.175.254.59. Sun Oct 12 16:58:22 2008 /usr/sbin/bftpd[24260]: Login as user 'Administrator' failed. Sun Oct 12 16:58:22 2008 /usr/sbin/bftpd[24260]: Quitting. But the IP address is already blacklisted 4 days ago: # grep 200.175.254.59 /etc/hosts.deny # DenyHosts: Wed Oct 8 13:01:55 2008 | ALL: 200.175.254.59 ALL: 200.175.254.59 How it it can happen? Thanks for ideas. Sergey.
