| 1 |
On Wed, Jan 21, 2009 at 6:36 AM, Nikos Chantziaras <realnc@×××××.de> wrote: |
| 2 |
> Paul Hartman wrote: |
| 3 |
>> |
| 4 |
>> I'm using the online denyhosts synchronization database, I think that |
| 5 |
>> may negatively affect how often it blocks hosts locally, because it |
| 6 |
>> waits until it does a remote sync to scan the local file. This is my |
| 7 |
>> theory. I like the idea of sharing my blocks and taking advantage of |
| 8 |
>> the blocks of others, but if it renders the program ineffective |
| 9 |
>> against the IP /actively/ attacking my system, then it's pointless. |
| 10 |
>> |
| 11 |
>> I'm going to turn off the online sharing of denyhosts and see if it |
| 12 |
>> makes a difference. |
| 13 |
>> |
| 14 |
>> Otherwise I guess I need to set up some kind of local firewall on this |
| 15 |
>> machine to get any more fine control over the connections. |
| 16 |
> |
| 17 |
> The shared list of attackers doesn't have anything to do with it. Denyhosts |
| 18 |
> checks the logs every X seconds. I think 30 by default, not sure. In that |
| 19 |
> time, there can be many more attempted logins then the maximum you have |
| 20 |
> configured in Denyhosts. |
| 21 |
> |
| 22 |
> Also, the downloaded list of known attack hosts is copied locally into your |
| 23 |
> hosts.deny file. That's all there is to it. |
| 24 |
|
| 25 |
Then what would cause it to not add a new denied host until after many |
| 26 |
many attempts? |
| 27 |
|
| 28 |
I disabled the network sync but denyhosts still takes "forever" before |
| 29 |
denying... each IP is able to do hundreds of attempts before getting |
| 30 |
added to the hosts.deny file. |
Archives