Paul Hartman wrote:
On Wed, Jan 21, 2009 at 6:36 AM, Nikos Chantziaras <[email protected]> wrote:
The shared list of attackers doesn't have anything to do with it. Denyhosts
checks the logs every X seconds. I think 30 by default, not sure. In that
time, there can be many more attempted logins then the maximum you have
configured in Denyhosts.
Also, the downloaded list of known attack hosts is copied locally into your
hosts.deny file. That's all there is to it.
Then what would cause it to not add a new denied host until after many
many attempts?
I disabled the network sync but denyhosts still takes "forever" before
denying... each IP is able to do hundreds of attempts before getting
added to the hosts.deny file.
Can you check the logs to see the timespan in which those hundreds of
attempts took place? Also, what's the time interval Denyhosts checks
for login attempts?
