I have a few questions about hosts.allow
1) There are 2 IPs in this file. I did not put them there. This is a dedicated machine. The IPs go to a Canadian hosting company. I am not in Canada and those are not my IPs.
2) Does my provider have the right to add IPs to this file without my consent?
3) I have already commented them out, of course, but I am concerned.
What would you do if it happened on your server?
hosts.allow insertion does sound somewhat odd... If you fully manage the server though, the hosting provider shouldn't be adding anything in there unless it's to help troubleshoot an issue you're having. Anything beyond that should be documented to you so you know why it was done.
If something like this occurred on my server, I would install file change monitoring software to see how it was occurring.
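One way to do the file change monitoring suggested in the reply above, as an added example that is not part of the original thread: it records a baseline of the active rules in a hosts.allow file and reports which entries were added or removed later. The function names are hypothetical, and the sample addresses are constructed from documentation ranges.

```python
import hashlib
import json
import os
import tempfile

def active_rules(text):
    """Return the set of active (non-comment) rules from hosts.allow text."""
    rules, pending = set(), ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):        # hosts_access(5): a backslash continues the rule
            pending = line[:-1]
            continue
        pending = ""
        if not line or line.startswith("#"):
            continue                   # blank lines and comments grant nothing
        rules.add(" ".join(line.split()))  # collapse whitespace before comparing
    return rules

def snapshot(path):
    """Hash the file and list its active rules; store the result off the host."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "rules": sorted(active_rules(data.decode("utf-8", "replace")))}

def compare(baseline, current):
    """Report whether the file changed and which active rules differ."""
    old, new = set(baseline["rules"]), set(current["rules"])
    return {"changed": baseline["sha256"] != current["sha256"],
            "added": sorted(new - old),
            "removed": sorted(old - new)}

def demo():
    # Constructed sample: 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges
    before = "# local policy\nsshd : 192.0.2.10\n"
    after = before + "ALL : 198.51.100.7\nsshd : 198.51.100.8, \\\n  198.51.100.9\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "hosts.allow")  # stand-in for /etc/hosts.allow
        with open(path, "w") as fh:
            fh.write(before)
        baseline = snapshot(path)
        with open(path, "w") as fh:
            fh.write(after)
        return compare(baseline, snapshot(path))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run against the real file from a scheduled job, a non-empty "added" list is the signal to investigate; a changed hash with no rule differences means only comments or spacing were edited.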
Well, yes I have been asking them for help.
I've been troubleshooting the fact that my ipchains or iptables won't work and I've personally and manually added over 5000 IPs to my routing table but the incoming connections to sendmail are still coming strong. I'm using mail/access to discard but the quantity is such that my maillog shows deferring constantly. Haven't crashed in 4 days tho.
I will look up file change monitoring software, thank you.
Sorry if I'm jumping in at the wrong point, but hosts.allow (TCP Wrappers) takes effect after NetFilter (IP Tables), so it won't have any effect if your IP tables are set up correctly.
Obviously the ethics of them adding in items to hosts.allow is a different point, but, you can circumvent those additions by blocking them first with IP tables.
I always used to struggle with IP tables but I think I've got the basic hang of them now, perhaps you could post with your problems and we might be able to help you out.
Andrew, Thank you for offering help.
I'm deciding what to do next. I hired someone to come in and set up ipchains to stop this incoming mail problem but it was found that ipchains and iptables won't work.
Red Hat is not compatible with the kernel, Ensim needs an upgrade, and the server is too fast for the hard drive. Of course the provider wants to charge me to fix it all even though I couldn't have possibly told them to spec out my machine in such a way.