On Wed, Jan 21, 2009 at 6:36 AM, Nikos Chantziaras <realnc@×××××.de> wrote:
> Paul Hartman wrote:
>>
>> I'm using the online denyhosts synchronization database, I think that
>> may negatively affect how often it blocks hosts locally, because it
>> waits until it does a remote sync to scan the local file. This is my
>> theory. I like the idea of sharing my blocks and taking advantage of
>> the blocks of others, but if it renders the program ineffective
>> against the IP /actively/ attacking my system, then it's pointless.
>>
>> I'm going to turn off the online sharing of denyhosts and see if it
>> makes a difference.
>>
>> Otherwise I guess I need to set up some kind of local firewall on this
>> machine to get any more fine control over the connections.
>
> The shared list of attackers doesn't have anything to do with it. Denyhosts
> checks the logs every X seconds. I think 30 by default, not sure. In that
> time, there can be many more attempted logins than the maximum you have
> configured in Denyhosts.
>
> Also, the downloaded list of known attack hosts is copied locally into your
> hosts.deny file. That's all there is to it.

Then what would cause it to not add a new denied host until after many
many attempts?

I disabled the network sync but denyhosts still takes "forever" before
denying... each IP is able to do hundreds of attempts before getting
added to the hosts.deny file.
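Added example, not DenyHosts code and not part of the thread: a toy Python model of the polling behaviour Nikos describes, scanning constructed sshd log lines once per fixed interval and denying an IP at the first poll where its failure count reaches the threshold. The log format, the 30 second interval, the threshold of 5 and the addresses are all constructed assumptions, not DenyHosts defaults.

```python
"""Toy model of DenyHosts-style interval log polling: a fast attacker gets far past
the threshold before the next scan.  Added example, not DenyHosts code; data constructed."""
import re
from collections import Counter

# Constructed syslog-style sshd failure line; only the time of day is used.
FAILED_RE = re.compile(
    r"^\w{3} +\d+ (?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+)")

def parse_failures(lines):
    """Return (seconds_of_day, ip) pairs for failed logins (same day assumed)."""
    events = []
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            events.append((int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"]), m["ip"]))
    return events

def simulate_polling(events, poll_interval=30, threshold=5):
    """Return {ip: failures_logged_before_deny}.  Polls run on a fixed clock;
    each one counts every failure logged so far and denies IPs at or over the
    threshold, so a burst between two polls is only noticed at the later one."""
    events = sorted(events)
    counts, denied, i = Counter(), {}, 0
    poll_t = (events[0][0] // poll_interval) * poll_interval if events else 0
    while i < len(events):
        while i < len(events) and events[i][0] <= poll_t:
            if events[i][1] not in denied:       # already denied: no longer counted
                counts[events[i][1]] += 1
            i += 1
        for ip, n in counts.items():
            if ip not in denied and n >= threshold:
                denied[ip] = n
        poll_t += poll_interval
    return denied

def burst(ip, start_hms, seconds, per_second):
    """Constructed log lines: per_second failures each second for `seconds`."""
    t0 = sum(int(x) * k for x, k in zip(start_hms.split(":"), (3600, 60, 1)))
    return [f"Jan 21 {t//3600:02d}:{t%3600//60:02d}:{t%60:02d} host sshd[4242]: "
            f"Failed password for invalid user admin from {ip} port 5{n:04d} ssh2"
            for t in range(t0, t0 + seconds) for n in range(per_second)]

SAMPLE = burst("10.0.0.5", "06:36:01", 60, 8) + [      # 480 attempts in one minute
    line for s in range(0, 50, 10) for line in burst("192.0.2.77", f"06:40:{s:02d}", 1, 1)]

if __name__ == "__main__":
    for ip, n in simulate_polling(parse_failures(SAMPLE)).items():
        print(f"{ip}: {n} failures logged before it landed in hosts.deny")
```

With these constructed numbers the slow host 192.0.2.77 is denied at exactly 5 failures, while the burst from 10.0.0.5 already has 240 failures logged when the poll that catches it runs. The only lever in this model is the poll interval, which is why a per-connection control (the local firewall Paul mentions) reacts to a burst where a log scanner cannot.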