which log files to check for hosts.deny

I'm trying to get better control of my traffic on linux.

I have placed about 100 IP addresses in my hosts.deny file.
I am curious to know which log file I would use to see if any of these
spammer IP's have been blocked.

Thanks,

On Mon, 27 Nov 2006 11:19:28 -0800, Monty loree wrote:

> I'm trying to get better control of my traffic on linux.
>
> I have placed about 100 IP addresses in my hosts.deny file.
> I am curious to know which log file I would use to see if any of these
> spammer IP's have been blocked.
>
> Thanks,

depends on your linux distro... /var/log/security maybe...
if your looking to block SPAM... /etc/hosts.deny probably
won't do you any good. I don't think that sendmail uses
this... only things that use tcp wrappers use /etc/hosts.allow
and /etc/hosts.deny.

I use iptables to block access to my mail and web ports from
'bad' users.

jack

--
D.A.M. - Mothers Against Dyslexia

see http://www.jacksnodgrass.com for my contact info.

jack - Grapevine/Richardson

Hi Jack,
By spammers I meant scraper sites. They come by and scrape thousands
of my pages.

I want to block the bad guys to give me a better grip of the count of
my good traffic.

I will check /var/log/security.

Many thanks,

Monty Loree

Jack Snodgrass wrote:
> On Mon, 27 Nov 2006 11:19:28 -0800, Monty loree wrote:
>
> > I'm trying to get better control of my traffic on linux.
> >
> > I have placed about 100 IP addresses in my hosts.deny file.
> > I am curious to know which log file I would use to see if any of these
> > spammer IP's have been blocked.
> >
> > Thanks,
>
> depends on your linux distro... /var/log/security maybe...
> if your looking to block SPAM... /etc/hosts.deny probably
> won't do you any good. I don't think that sendmail uses
> this... only things that use tcp wrappers use /etc/hosts.allow
> and /etc/hosts.deny.
>
> I use iptables to block access to my mail and web ports from
> 'bad' users.
>
> jack
>
> --
> D.A.M. - Mothers Against Dyslexia
>
> see http://www.jacksnodgrass.com for my contact info.
>
> jack - Grapevine/Richardson

This is the format that I've got my IP addresses listed.

ALL: 72.20.99.42
ALL: 38.98.120.72
ALL: 193.93.236.7
ALL: 72.14.199.78
ALL: 72.14.199.80
ALL: 203.144.144.164
ALL: 66.249.66.37
ALL: 65.214.44.29
ALL: 72.36.167.42
ALL: 38.102.128.140
ALL: 203.144.144.163
ALL: 195.225.177.40
ALL: 212.42.113.10
ALL: 195.225.177.20
ALL: 64.78.155.100
ALL: 66.249.66.210
ALL: 193.47.80.41

My hosts.allow file looks like this:
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#

BTW... Jack,
I checked /var/log/secure file to see if that checks the hosts.deny

/var/log/secure tests for people trying to log into the system.

Best,