On Wed, Sep 30, 2015 at 9:00 AM, Jesse Smith <jessefrgsm...@yahoo.ca> wrote: > I think that problem was addressed in the DenyHost fork of the project > last year, though I could be mistaken.
Ah Joy, I was completely unaware of the fork - I was simply using the EL6 package from EPEL yum repository which looked like it was the latest (from initial investigation of this project) and even had some patches from earlier this year. On deeper investigation I see Fedora has packages from this newer fork so I wonder why these have never found there way to EPEL. Is it official this project has been put to pasture and being replaced by the fork? so many links still come to this project :( > Perhaps you could try v3.0 from the http://denyhost.sf.net website and report > back > on whether you still encounter the problem? I will certainly give that a try and report back here. The other issue I was seeing was one reporting on this list earlier this year where some root attacks that showed up auth syslog with messages similar to: PAM {X} more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost={SUSP.NET.IP.ADDR} user=root : {MANY} time(s) were not getting banned. I guess I shall see if that gets fixed too. Cheers /dan > On 30/09/15 09:05 AM, Daniel Sutcliffe wrote: >> Firstly I'm a new subscriber so I must say I have been using DenyHosts >> for quite some time and have found it to be a really useful and simple >> to configure piece of software. >> >> I realize it hasn't been updated in quite some time but this probably >> just means it does exactly what is needed of it with little fuss or >> problems. >> >> Recently however I noticed a problem which caused me to look closer at >> what was going on - the initial problem is probably a config thing >> that I'll mention in a later email. The other issue I discovered that >> I mention in the subject line already seems to be in the bug database >> twice: >> https://sourceforge.net/p/denyhosts/bugs/32/ >> https://sourceforge.net/p/denyhosts/bugs/43/ >> Although, it seems the root of the problem has not been understood. >> >> I also came across the problem here: http://serverfault.com/q/647153/310481 >> >> What appears to be happening is that during LoginAttempt.add() in >> DenyHosts/loginattempt.py if any of the AGE_RESET_XXX configs are set >> and there is a valid host then .agg_count() gets called for the host >> in the specific __abusive_hosts_XXX set regardless of whether that >> host exists in that list or not. The result being a zero count entry >> for that host in a list it possibly does not really belong in. >> >> The downside to this seems only to be large hosts files and time >> wasted. Maybe there is a reason for this action, if so I'd love to >> have it explained before I attempt to fix this inefficiency and >> horribly break something else in a perfectly stable bit of code ;) -- Daniel Sutcliffe <d...@chairfour.com> Chair Four Development Group LLC ------------------------------------------------------------------------------ _______________________________________________ Denyhosts-user mailing list Denyhosts-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/denyhosts-user
