My apologies. Here is the config file...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Denton
Sent: Wednesday, September 12, 2007 9:55 AM
To: denyhosts-user@lists.sourceforge.net
Subject: [Denyhosts-user] Denyhosts for VSFTPD not blocking, again...

Yesterday I was having difficulty with getting denyhosts to properly block brute force attacks against my VSFTPD server, and Rene was kind enough to provide me with the following regex:

USERDEF_FAILED_ENTRY_REGEX=.* vsftpd.* authentication failure.* rhost=(?P<host>\S+) user=(?P<user>\S+).*

Since yesterday evening, after trying a few things with the config file, now the daemon doesn't seem to recognize the entries from my /var/log/messages file, and nothing gets blocked. I have been able to successfully configure the daemon to block SSHD brute force attacks, so I know the program works, but getting it to block VSFTPD attacks like it did yesterday isn't happening.

I've attached the config file from my installation. Below is a snippet from my messages file for one of the failed attempts I've tried for testing.

Sep 12 09:36:38 tb002 vsftpd(pam_unix)[5096]: check pass; user unknown
Sep 12 09:36:38 tb002 vsftpd(pam_unix)[5096]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.168.100.236

Can anyone tell me why the regex doesn't seem to be working anymore? One thing I thought odd, and it may be nothing, but I have multiple names in my hosts file for this system, and yesterday's message file entries had the system name as TESTBED002, this morning (after a reboot last night), they're showing as tb002. Could this be a factor?

Thanks in advance...

Dan Denton
Systems Administrator
RemitPro
402-861-0005
[EMAIL PROTECTED]

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Denyhosts-user mailing list
Denyhosts-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
denyhosts.cfg
Description: Binary data
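
The regex and the two log lines from the message above, run through Python's re module as an added example (not code from the post or from DenyHosts). OPTIONAL_USER and the third log line are constructed for illustration, and whether a given DenyHosts version accepts a pattern whose user group stays unmatched is an assumption to verify before using it.

```python
import re

# Value of USERDEF_FAILED_ENTRY_REGEX exactly as quoted in the message.
POSTED = r".* vsftpd.* authentication failure.* rhost=(?P<host>\S+) user=(?P<user>\S+).*"

# Hypothetical variant (not from the post): the trailing user= field is optional,
# so a failure logged for an unknown account still yields a host.
OPTIONAL_USER = (
    r".* vsftpd.* authentication failure.* rhost=(?P<host>\S+)"
    r"(?:\s+user=(?P<user>\S+))?.*"
)

LINES = [
    # Lines 1 and 2 are the /var/log/messages entries quoted in the message.
    "Sep 12 09:36:38 tb002 vsftpd(pam_unix)[5096]: check pass; user unknown",
    "Sep 12 09:36:38 tb002 vsftpd(pam_unix)[5096]: authentication failure; "
    "logname= uid=0 euid=0 tty= ruser= rhost=192.168.100.236",
    # Constructed line: same failure, old hostname, with a user= field present.
    "Sep 11 16:02:11 TESTBED002 vsftpd(pam_unix)[4711]: authentication failure; "
    "logname= uid=0 euid=0 tty= ruser= rhost=192.168.100.236 user=testuser",
]


def extract(pattern, line):
    """Return (host, user) if the pattern matches the line, else None."""
    m = re.search(pattern, line)
    if m is None:
        return None
    return (m.group("host"), m.group("user"))


def report(pattern):
    """Apply one pattern to every sample line, in order."""
    return [extract(pattern, line) for line in LINES]


if __name__ == "__main__":
    for name, pattern in (("POSTED", POSTED), ("OPTIONAL_USER", OPTIONAL_USER)):
        print(name)
        for line, result in zip(LINES, report(pattern)):
            print("  %-45s -> %r" % (line[16:61], result))
```

The posted pattern requires a literal ` user=` after the rhost value, which the quoted failure line for an unknown account does not contain. The leading `.*` absorbs the hostname, so TESTBED002 versus tb002 makes no difference to the match.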