diff --git a/debian/changelog b/debian/changelog
index 3f8fad85..cf4c0a54 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-fail2ban (0.8.0-3~pre4) unstable; urgency=low
+fail2ban (0.8.0-4) unstable; urgency=low
 * Moved expansion into regex.py (closes: #429263). Thanks James Andrewartha.
@@ -10,6 +10,11 @@ fail2ban (0.8.0-3~pre4) unstable; urgency=low
 * Added a filter for named to catch refused/denied queries
 * jail.conf has specification of protocol (default to tcp) to be provided to banaction
+ * Adjusted failregex for sshd filter:
+ - anchored properly at the end of line, and source code has .examples
+ files to perform testing of the rules.
+ - added new explicit rule for users not in the AllowUsers lists
+
 -- Yaroslav Halchenko Tue, 19 Jun 2007 23:04:02 -0400
diff --git a/debian/jail.conf b/debian/jail.conf
index 5395f45d..61f4a41f 100644
--- a/debian/jail.conf
+++ b/debian/jail.conf
@@ -230,10 +230,23 @@ logpath = /var/log/mail.log
 # }
 # in your named.conf to provide proper logging
-[named-refused]
+# Word of Caution:
+# Given filter can lead to DoS attack against your DNS server
+# since there is no way to assure that UDP packets come from the
+# real source IP
+[named-refused-udp]
 enabled = false
-port = domain,953
+port = domain,953
 protocol = udp
 filter = named-refused
 logpath = /var/log/named/lame-servers.log
+
+[named-refused-tcp]
+
+enabled = false
+port = domain,953
+protocol = tcp
+filter = named-refused
+logpath = /var/log/named/lame-servers.log
+
diff --git a/debian/patches/00_ssh_strong_re.dpatch b/debian/patches/00_ssh_strong_re.dpatch
new file mode 100755
index 00000000..6a6ad03c
--- /dev/null
+++ b/debian/patches/00_ssh_strong_re.dpatch
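Review bot: The rename of `[named-refused]` to `[named-refused-udp]` in this hunk silently breaks any jail.local that overrides the old section name: a `[named-refused]` stanza there (say, with `enabled = true`) would now stand alone without `filter` or `logpath`, and the changelog entry added in this same commit does not mention the rename. Record the rename in the changelog, or keep a comment in jail.conf pointing readers at the two new section names. The new `[named-refused-tcp]` stanza also deserves a comment saying the spoofing caution above it is UDP-specific, e.g. `# The caution above is UDP-specific: TCP source addresses are validated by the handshake`. The `-port`/`+port` pair is identical in this rendering, so that part of the change is presumably whitespace only.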
@@ -0,0 +1,49 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 00_ssh_strong_re.dpatch by Yaroslav Halchenko
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad fail2ban-0.8.0~/config/filter.d/sshd.conf fail2ban-0.8.0/config/filter.d/sshd.conf
+--- fail2ban-0.8.0~/config/filter.d/sshd.conf 2007-02-22 15:52:37.000000000 -0500
++++ fail2ban-0.8.0/config/filter.d/sshd.conf 2007-07-29 13:14:50.000000000 -0400
+@@ -14,10 +14,11 @@
+ # (?:::f{4,6}:)?(?P\S+)
+ # Values: TEXT
+ #
+-failregex = Authentication failure for .* from
+- Failed [-/\w]+ for .* from
+- ROOT LOGIN REFUSED .* FROM
+- [iI](?:llegal|nvalid) user .* from
++failregex = (?:error: PAM: )?Authentication failure for .* from \s*$
++ Failed [-/\w]+ for .* from (?: port \d*)?(?: ssh\d*)?$
++ ROOT LOGIN REFUSED.* FROM \s*$
++ [iI](?:llegal|nvalid) user .* from \s*$
++ User \S+ from not allowed because not listed in AllowUsers$
+ 
+ # Option: ignoreregex
+ # Notes.: regex to ignore. If this regex matches, the line is ignored.
+diff -urNad fail2ban-0.8.0~/config/filter.d/sshd.examples fail2ban-0.8.0/config/filter.d/sshd.examples
+--- fail2ban-0.8.0~/config/filter.d/sshd.examples 1969-12-31 19:00:00.000000000 -0500
++++ fail2ban-0.8.0/config/filter.d/sshd.examples 2007-07-29 13:14:22.000000000 -0400
+@@ -0,0 +1,19 @@
++#1
++Jun 21 16:47:48 digital-mlhhyiqscv sshd[13709]: error: PAM: Authentication failure for myhlj1374 from 192.030.0.6
++May 29 20:56:52 imago sshd[28732]: error: PAM: Authentication failure for stefanor from www.onerussian.com
++
++#2
++Feb 25 14:34:10 belka sshd[31602]: Failed password for invalid user ROOT from 194.117.26.69 port 50273 ssh2
++Feb 25 14:34:10 belka sshd[31602]: Failed password for invalid user ROOT from 194.117.26.70 port 12345
++
++#3
++Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM 1.2.3.4
++Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM ::ffff:1.2.3.4
++
++#4
++Jul 20 14:42:11 localhost sshd[22708]: Invalid user ftp from 211.114.51.213
++
++
++#5 new filter introduced after looking at 44087D8C.9090407@bluewin.ch
++Mar 3 00:17:22 [sshd] User root from 210.188.220.49 not allowed because not listed in AllowUsers
++Feb 25 14:34:11 belka sshd[31607]: User root from ferrari.inescn.pt not allowed because not listed in AllowUsers
diff --git a/debian/patches/00list b/debian/patches/00list
index 0ca33aca..27d00024 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -4,5 +4,6 @@
 00_daemon_pids
 10_dbts_manpages
 00_iptables_allports
+00_ssh_strong_re
 00_pam_generic
 00_named_refused
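Review bot: The dpatch header keeps the placeholder `## DP: No description.`, which is where the intent of the new failregex set should be recorded, e.g. `## DP: Anchor sshd failregex at end of line so the <HOST> capture cannot be shifted by attacker-chosen text, add an AllowUsers rule, and ship sshd.examples as test input.` The new `User \S+ from <HOST> not allowed because not listed in AllowUsers$` rule matches only that one refusal; OpenSSH emits parallel `not allowed because ...` messages for DenyUsers, AllowGroups and DenyGroups that this rule will not catch, so logins refused by those settings stay unbanned. Note that the `<HOST>` placeholder (and the `(?P<host>\S+)` in the comment above the regexes) is stripped in this rendering, so each regex ending in `from \s*$` should be read as `from <HOST>\s*$`. The added `.examples` file is valuable, but nothing in the commit runs it; the DP: description should say how those lines are meant to be checked against the filter.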