Paul Hartman wrote:
> I'm using the online denyhosts synchronization database, I think that
> may negatively affect how often it blocks hosts locally, because it
> waits until it does a remote sync to scan the local file. This is my
> theory. I like the idea of sharing my blocks and taking advantage of
> the blocks of others, but if it renders the program ineffective
> against the IP /actively/ attacking my system, then it's pointless.
>
> I'm going to turn off the online sharing of denyhosts and see if it
> makes a difference.
>
> Otherwise I guess I need to set up some kind of local firewall on this
> machine to get any more fine control over the connections.
|
The shared list of attackers doesn't have anything to do with it.
Denyhosts checks the logs every X seconds. I think 30 by default, not
sure. In that time, there can be many more attempted logins than the
maximum you have configured in Denyhosts.

Also, the downloaded list of known attack hosts is copied locally into
your hosts.deny file. That's all there is to it.
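
An added example, not part of the original thread and not DenyHosts' own code: a simplified model of the log-polling delay described in the reply above, showing how many failed logins reach sshd before a scan notices them. The function name, the constructed attempt timestamps, and the rule that a host is blocked once its failure count reaches the threshold are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass
class PollResult:
    blocked_at: Optional[float]   # time (s) of the scan that added the deny entry
    attempts_before_block: int    # failed logins that reached sshd before that scan


def simulate_polling_blocker(attempt_times: Sequence[float],
                             poll_interval: float,
                             threshold: int) -> PollResult:
    """Model a blocker that only reads the auth log every poll_interval seconds.

    Assumption: the host is denied at the first scan where the number of
    failed logins seen so far is >= threshold. Everything logged before
    that scan has already been processed by sshd.
    """
    times = sorted(attempt_times)
    if not times:
        return PollResult(None, 0)
    poll = poll_interval          # first scan happens one interval after t=0
    while True:
        seen = sum(1 for t in times if t <= poll)
        if seen >= threshold:
            return PollResult(poll, seen)
        if poll >= times[-1]:     # log exhausted, threshold never reached
            return PollResult(None, len(times))
        poll += poll_interval


if __name__ == "__main__":
    # Constructed sample: one source failing a login every 0.5 s for 100 s.
    burst = [0.5 * i for i in range(1, 201)]
    for interval in (30, 5):
        r = simulate_polling_blocker(burst, poll_interval=interval, threshold=5)
        print(f"scan every {interval:>2}s, threshold 5: blocked at t={r.blocked_at}s "
              f"after {r.attempts_before_block} attempts")
```

In this model the count of attempts that get through is set by the scan interval, not by the threshold, which is why a firewall-level rate limit is the usual complement to a log-scanning blocker.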