1) Have received 3 "DenyHosts Reports" in the past day - each one containing one ip address (with the corresponding hostname, I enabled lookups). However, there are now over 800 ip addresses in my /etc/hosts.deny.
This is because you have enabled SYNC_DOWNLOAD, which downloads entries from other hosts' logs from the central DenyHosts server. If you've also enabled SYNC_UPLOAD, you'll be helping with this too.
2) Also, logwatch reports many sshd authentication failures from various hosts, some several hundred times. Am I misunderstanding something basic? I am surprised to see so many failed attempts from the same hosts - my expectation was that once an address goes in /etc/hosts.deny, it would be blocked before it had a chance to make another (or several hundred more) bogus login attempts.
DenyHosts in daemon mode runs at intervals - there may be quite a few invalid login attempts between runs (defined by DAEMON_SLEEP). -- Peter SJF Bance http://www.minstrel.org.uk/
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
