Paul Hartman wrote:
I'm using the online denyhosts synchronization database, I think that
may negatively affect how often it blocks hosts locally, because it
waits until it does a remote sync to scan the local file. This is my
theory. I like the idea of sharing my blocks and taking advantage of
the blocks of others, but if it renders the program ineffective
against the IP /actively/ attacking my system, then it's pointless.
I'm going to turn off the online sharing of denyhosts and see if it
makes a difference.
Otherwise I guess I need to set up some kind of local firewall on this
machine to get any more fine control over the connections.
The shared list of attackers doesn't have anything to do with it.
Denyhosts checks the logs every X seconds. I think 30 by default, not
sure. In that time, there can be many more attempted logins then the
maximum you have configured in Denyhosts.
Also, the downloaded list of known attack hosts is copied locally into
your hosts.deny file. That's all there is to it.
