I've noticed my denyhosts setup is blocking some other linode users. Since this can only happen after x number of invalid SSH login attempts, what is the best approach according to the community for dealing with this?

1. ignore it and let denyhosts do its job
2. warn the other linode users their site(s) might be compromised
3. file a report with linode

I'm inclined to pick 1, because I don't have time to mess with it, but if there is a strong community sense of self-policing these kinds of thing, I'd be happy to contribute.

cheers!

Send the log snippet to abuse@linode.com

Either those systems are compromised - or the owners are morons to sh*t in their own backyard.

Either way they need to be cleaned up.

+1 - they are sh*tting in our back yard.

_________________
/ Peter

Okay, I gather the relevant logs and forward them on

assuming the ssh login attempts are coming from the local network you should add a firewall rule to block ssh/telnet traffic.

else fail2ban or denyhosts is perfect... oh and reporting is always nice.

fail2ban etc... waste of resources. Just move ssh away from port 22. You can still keep logging syn packets incoming at port 22 if you wish to file reports.

actually, we only allow key-based authentication, but we keep denyhosts on, to trigger complete service bans. I know it is mostly futile in the big scheme of things, but it does provide a curious diversion from time to time.

+1 for abuse@linode.com, they're very responsive.

make sure to include src & dest IPs as well.

Yes, they responded right away and in fact, they had already been alerted earlier about the trouble boxes and had already been working with them to address the issue. I was very impressed!

Always reassuring to know, After reading this i installed DenyHost and im hoping nothing like this happens to me!