I've got the same problem on my server that Peter describes below. An
IP that was purged from /etc/hosts.deny a couple of weeks ago started
attacking again. There were over 1000 attempted logins recorded in my
sshd log, but denyhosts failed to add it back to hosts.deny. Other
(new) attacking IP addresses did get added, though.
My system is running Fedora Core 4, DenyHosts 2.1, Python 2.4.1.
Here's the relevent line from the DenyHosts "hosts" file:
202.222.19.52:2078:Fri Mar 31 16:26:55 2006
... and from hosts-valid:
202.222.19.52:0:Fri Mar 31 15:14:45 2006
I'd also like to make a request that the purpose/format of the files in
DenyHosts' working directory be documented on the website or in the
distribution. It would make it easier to troubleshoot this type of
problem.
Steve Jakob
Wide Skies Information Technologies
Denyhosts list:
I'm using DenyHosts 2.1 on RedHat Enterprise 4 and have a question
about how purging works. DH is running in daemon mode, with syncing
turned off.
Here's the scenario:
1) Some IP address starts scanning the system, one of the thresholds
is met, and the address is added to hosts.deny.
2) PURGE_DENY amount of time passes and the IP address is removed from
hosts.deny.
3) Some time later, say the next day, the same address starts scanning
again, but even though it makes enough connections that it should be
blocked, DenyHosts seems to ignore it completely.
4) If I then restart DenyHosts, it does add the bad IP address to the
/etc/hosts.deny file again.
So, I guess my question is how to let DenyHosts know that even though
an address has been purged at one point that it can still re-block the
address if the address starts scanning me again.
Thanks,
Peter Ruprecht
U. of Colorado
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Denyhosts-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
