"including IP addresses from which I've never logged on from."
And that is suspicious, don't you think?

*? ????????: ?.????????*
IT/ISMS
Optix Co. Bulgaria
Tel:+359/357-64125-117
???:+359/88-5166659
www.optixco.com

On 30.4.2013 02:21, Ted To wrote:
Hi Phil,

That doesn't seem to be working:

2013-04-29 18:46:54,973 - loginattempt: INFO     resetting count for: 192.168.2.66
2013-04-29 18:46:55,004 - denyhosts   : INFO     new suspicious logins: ['tct - 192.168.2.66']

It doesn't seem to matter what IP address I'm logging in from, including
IP addresses from which I've never logged on from.  They all get flagged
as suspicious.  Very strange...

Thanks,
Ted

On 04/29/2013 05:15 PM, Phil Schwartz wrote:
Hey Ted,

Suspicious logins are based on DenyHosts observing that a failed login
exceeded the threshold but then was able to login based on the user/ip
address.

Option you may want to tweak:

#######################################################################
#
# SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS
#
# SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES|NO
# If set to YES, if a suspicious login attempt results from an allowed-host
# then it is considered suspicious.  If this is NO, then suspicious logins
# from allowed-hosts will not be reported.  All suspicious logins from
# ip addresses that are not in allowed-hosts will always be reported.
#
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
######################################################################

######################################################################
#
# RESET_ON_SUCCESS: If this parameter is set to "yes" then the
# failed count for the respective ip address will be reset to 0
# if the login is successful.
#
# The default is RESET_ON_SUCCESS = no
#
#RESET_ON_SUCCESS = yes
#
#####################################################################


Regards,

Phil


On Mon, 29 Apr 2013, Ted To wrote:

How are logins judged as being suspicious or not suspicious?  I've used
denyhosts for years now but on a recently configured NAS, every login
generates a "suspicious login" email.  I know I can disable this but I'd
rather understand why on my NAS, logins are all judged as suspicious but
on my VPS, I've never seen a suspicious login email.

Thanks for any ideas!

_______________________________________________
Denyhosts-user mailing list
Denyhosts-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
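
The rule Phil describes above (a login is suspicious when it succeeds after failed logins from the same source exceeded the threshold) together with the two options he quotes, as an added Python example; it is not DenyHosts code and not part of the original thread. It assumes failures are counted per source IP, uses constructed OpenSSH-style log lines, and the function name and its `threshold` parameter are hypothetical.

```python
import re
from collections import Counter

# Constructed sshd log lines for illustration (not taken from the thread).
SAMPLE_LOG = """\
Apr 29 18:40:01 nas sshd[101]: Failed password for tct from 203.0.113.9 port 4001 ssh2
Apr 29 18:40:03 nas sshd[101]: Failed password for tct from 203.0.113.9 port 4001 ssh2
Apr 29 18:40:05 nas sshd[101]: Failed password for tct from 203.0.113.9 port 4001 ssh2
Apr 29 18:40:09 nas sshd[102]: Accepted password for tct from 203.0.113.9 port 4002 ssh2
Apr 29 18:45:00 nas sshd[103]: Failed password for tct from 192.168.2.66 port 5001 ssh2
Apr 29 18:46:54 nas sshd[104]: Accepted password for tct from 192.168.2.66 port 5002 ssh2
Apr 29 18:50:00 nas sshd[105]: Accepted publickey for tct from 203.0.113.9 port 4003 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"Accepted \S+ for (\S+) from (\S+)")


def suspicious_logins(log, threshold, allowed_hosts=(),
                      report_allowed_hosts=True, reset_on_success=False):
    """Return 'user - ip' entries for successful logins that follow
    more than `threshold` failed logins from the same source IP."""
    failures = Counter()  # failed-login count per source IP (assumption)
    flagged = []
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if not m:
            continue
        user, ip = m.groups()
        if failures[ip] > threshold:
            # SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=NO suppresses reports
            # for allowed hosts; all other hosts are always reported.
            if report_allowed_hosts or ip not in allowed_hosts:
                flagged.append(f"{user} - {ip}")
        if reset_on_success:
            # RESET_ON_SUCCESS=yes: a good login clears the IP's count.
            failures[ip] = 0
    return flagged


if __name__ == "__main__":
    print(suspicious_logins(SAMPLE_LOG, threshold=2))
    print(suspicious_logins(SAMPLE_LOG, threshold=2, reset_on_success=True))
```

Under this model a source with a single mistyped password (192.168.2.66 in the sample) is never flagged, which is why reports on every login, as in Ted's log, point at something other than that address's own failure count.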
