I am using denyhosts on a server ( I know IPTABLE rate limiting etc just testing this one) so in a config file /etc/denyhosts.conf the following value is set DENY_THRESHOLD_INVALID = 3
which as per their configuration file says DENY_THRESHOLD_INVALID: block each host after the number of failed login # attempts has exceeded this value. This value applies to invalid # user login attempts (eg. non-existent user accounts) but when I checked the log (I deleted previous entries and disabled firewall for some time to test denyhosts thing) and got following logs http://pastebin.com/fyH3qJeR I see a last line refused connect from 125.46.63.134 (125.46.63.134) but only after 10 attempts to try to login. Now the question which is puzzling me is in denyhosts.conf I have set DENY_THRESHOLD_INVALID = 3 so after third attempt the script should have denied the IP in question any request to connect. Is this not the case. -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam