Dan Denton wrote: > I'm trying to use denyhosts to secure an FTP (VSFTPD) server against BF > attacks, and I'm not having a lot of luck. ... > I'm trying to run denyhosts in daemon mode, writing to hosts.deny and > reading login attempts from /var/log/messages. Here's a snippet of my > messages file: > > Sep 11 13:05:49 TESTBED002 vsftpd(pam_unix)[11393]: authentication failure; > logname= uid=0 euid=0 tty= ruser= rhost=192.168.100.228 user=test [snip]
In denyhosts.cfg uncomment and change line 418: USERDEF_FAILED_ENTRY_REGEX=.* vsftpd.* authentication failure.* rhost=(?P<host>\S+) user=(?P<user>\S+).* All in one line. -- René Berber ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
