I constantly get dictionary attacks which produce messages like:
Mar 23 04:42:04 opal sshd[1337]: Invalid user albert from 58.248.10.212
Mar 23 04:42:07 opal sshd[1345]: Invalid user alexander from 58.248.10.212
Mar 23 04:42:10 opal sshd[1350]: Invalid user andrea from 58.248.10.212
Mar 23 04:42:14 opal sshd[1355]: Invalid user anna from 58.248.10.212
Denyhosts seems usually to ignore these. So I added a config parameter
USERDEF_FAILED_ENTRY_REGEX=re.compile(r"""Invalid user (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
which works with kodos but is ignored by denyhosts. I have
DENY_THRESHOLD_VALID = 2
so the attacker should get blocked very quickly, but it doesn't happen.
Anybody any idea what I am doing wrong?
-Robin
--
----------------------------------------------------------------------
Robin Atwood.
"Ship me somewheres east of Suez, where the best is like the worst,
Where there ain't no Ten Commandments an' a man can raise a thirst"
from "Mandalay" by Rudyard Kipling
----------------------------------------------------------------------
_______________________________________________
Denyhosts-user mailing list
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
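
Added example, not part of the message above and not DenyHosts code: a standalone Python check that runs the posted pattern over the posted log lines and counts matches per host, to confirm the expression itself before looking at how the tool loads it. The two extra log lines are constructed, and treating "more than the threshold" as the trigger is an assumption of this sketch.

```python
import re
from collections import Counter

# Pattern from the post, written as a single line.
FAILED_ENTRY = re.compile(
    r"Invalid user (?P<user>.*) .*from "
    r"(::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
)

THRESHOLD = 2  # the value the post sets for DENY_THRESHOLD_VALID

# First four lines are from the post; the last two are constructed
# (an IPv4-mapped address and a successful login that must not match).
SAMPLE_LOG = """\
Mar 23 04:42:04 opal sshd[1337]: Invalid user albert from 58.248.10.212
Mar 23 04:42:07 opal sshd[1345]: Invalid user alexander from 58.248.10.212
Mar 23 04:42:10 opal sshd[1350]: Invalid user andrea from 58.248.10.212
Mar 23 04:42:14 opal sshd[1355]: Invalid user anna from 58.248.10.212
Mar 23 04:43:01 opal sshd[1360]: Invalid user test from ::ffff:192.0.2.7
Mar 23 04:43:05 opal sshd[1362]: Accepted password for robin from 192.0.2.9 port 50022 ssh2
"""


def parse_failures(log_text):
    """Return (user, host) for every line the pattern matches."""
    hits = []
    for line in log_text.splitlines():
        m = FAILED_ENTRY.search(line)
        if m:
            hits.append((m.group("user"), m.group("host")))
    return hits


def hosts_over_threshold(log_text, threshold=THRESHOLD):
    """Hosts whose matched-failure count is greater than the threshold."""
    counts = Counter(host for _, host in parse_failures(log_text))
    return {h: n for h, n in counts.items() if n > threshold}


if __name__ == "__main__":
    for user, host in parse_failures(SAMPLE_LOG):
        print(f"{host:15} {user}")
    print("over threshold:", hosts_over_threshold(SAMPLE_LOG))
```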