Is there a way to tell how far back in the log that the denyhosts daemon checks for failed logins? If so, is there a way to change that parameter? I.E., how many attempts in what time frame constitute an attack?
The only thing close I can find in the config is " AGE_RESET_VALID=5d", but if I'm reading it right that's the inactivity counter between attempted attacks for resetting the attack count to zero. Thanks again... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of René Berber Sent: Tuesday, September 11, 2007 3:47 PM To: [email protected] Subject: Re: [Denyhosts-user] Trying to secure VSFTPD, denyhosts not blocking... Dan Denton wrote: > I'm trying to use denyhosts to secure an FTP (VSFTPD) server against BF > attacks, and I'm not having a lot of luck. ... > I'm trying to run denyhosts in daemon mode, writing to hosts.deny and > reading login attempts from /var/log/messages. Here's a snippet of my > messages file: > > Sep 11 13:05:49 TESTBED002 vsftpd(pam_unix)[11393]: authentication failure; > logname= uid=0 euid=0 tty= ruser= rhost=192.168.100.228 user=test [snip] In denyhosts.cfg uncomment and change line 418: USERDEF_FAILED_ENTRY_REGEX=.* vsftpd.* authentication failure.* rhost=(?P<host>\S+) user=(?P<user>\S+).* All in one line. -- René Berber ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
