Results 1 to 9 of 9

Thread: hosts.deny

  1. #1


    Completely new stuff for me so i have a few basic questions.

    It all started after i've noticed a lot "/" lines in log and after i've found they are random scanning by some hacker tool.

    It is suggested to block IP's from where those attacks is comming by putting IP+s in host.deny.

    Correct me what i am doing wrong as i keep seeing those scans after I've updated deny file.

    I've edited hosts.deny like this:


    That is correct?

    After that i've restarted sshd service but i still someone scanning my server from those IP's.

    What i am doing wrong?

  2. #2
    Join Date
    Mar 2009
    Chicago, IL
    They should be on individual lines, not all on one.

    However tbh, you simply can't stop these scans by using hosts.deny. It's akin to trying to stop a flood with a bucket. This sort of activity goes on 24x7x365 from hundreds of thousands of IPs and will never stop.

    You might look into something like APF/CSF firewalls which are capable of pulling a list of "known bad hosts" and blocking those right off the start in addition to quite a few other security related features.

    You'll simply go mad trying to add those all by hand.

  3. #3
    Join Date
    May 2009
    On a Speck!!!!!
    Apf with bfd is a nice option. Manually adding the IP is not practical if the attack is too high.

  4. #4
    Thank you for quick reply.

    Those scans are from only a few IP's. GUess it is not so random scans when they all come from only a few IP's.

    Idividual this?


    No spaces between : and IP?

  5. #5
    Join Date
    May 2009
    On a Speck!!!!!
    Yeah It is correct.

  6. #6
    Thank you for help.

  7. #7
    I have added in host.deny those IP's but i still see attempts coming from those IP's in appache error log.

    Just ot ask, this is those line(s) in appache error log:
    [client] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /

    That is scans with some hack tool. How dangerous is that if server is basically just installed without any security modifications?

    And, putting those IP's in host.deny shoudl prevent access to server completely or it still will show in these logs?

  8. #8
    I'm not sure that if sshd would respond to the hosts.deny files. But you can try installing csf firewall using "csf -d Ip_address" to block Ip address range.
    Support Facility | 24/7 web hosting technical support services
    Technical support | Server management | Data migration

    Technical Articles

  9. #9
    I will try with csf firewall.

Similar Threads

  1. hosts.deny Maximum?
    By SI-Chris in forum Hosting Security and Technology
    Replies: 2
    Last Post: 08-04-2007, 06:04 PM
  2. hosts.deny
    By infernus in forum Dedicated Server
    Replies: 1
    Last Post: 12-29-2004, 04:22 PM
  3. hosts.deny SMTP
    By Mexico Joe in forum Hosting Security and Technology
    Replies: 4
    Last Post: 12-25-2002, 05:06 PM
  4. hosts.deny file, need some help
    By Andrew Pakula in forum Dedicated Server
    Replies: 3
    Last Post: 08-20-2001, 07:07 PM
  5. hosts.deny file, need help
    By Andrew Pakula in forum Web Hosting
    Replies: 4
    Last Post: 08-19-2001, 05:06 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts