Look how close all those tries were. DenyHosts caught it after 8 seconds. If they're coming in that fast, it can take long enough to block it that a few come in past your threshold.
If it's a real concern, you may have an option to limit the speed of new connections from a single remote IP at your firewall (there are a couple of ways to do that with netfilter/iptables). You could slow the attempts down to a speed where catching them right at your DenyHosts threshold would be a sure thing. Whit On Sat, Jul 21, 2007 at 03:11:44PM -0400, boricua wrote: > these are my settings > > DENY_THRESHOLD_INVALID = 2 > DENY_THRESHOLD_VALID = 4 > DENY_THRESHOLD_ROOT = 1 > DENY_THRESHOLD_RESTRICTED = 1 > > yet denyhost allowed 10 attempts before blocking ? > at the most it should of blocked it after 4 tries? > > Jul 21 14:30:21 pepino sshd[1559]: Invalid user test from 141.28.131.133 > Jul 21 14:30:21 pepino sshd[1559]: Failed password for invalid user test from > 141.28.131.133 port 1573 ssh2 > Jul 21 14:30:22 pepino sshd[1561]: Invalid user guest from 141.28.131.133 > Jul 21 14:30:22 pepino sshd[1561]: Failed password for invalid user guest > from 141.28.131.133 port 1643 ssh2 > Jul 21 14:30:23 pepino sshd[1563]: Invalid user admin from 141.28.131.133 > Jul 21 14:30:23 pepino sshd[1563]: Failed password for invalid user admin > from 141.28.131.133 port 1703 ssh2 > Jul 21 14:30:24 pepino sshd[1565]: Invalid user admin from 141.28.131.133 > Jul 21 14:30:24 pepino sshd[1565]: Failed password for invalid user admin > from 141.28.131.133 port 1758 ssh2 > Jul 21 14:30:25 pepino sshd[1567]: Invalid user user from 141.28.131.133 > Jul 21 14:30:25 pepino sshd[1567]: Failed password for invalid user user from > 141.28.131.133 port 1804 ssh2 > Jul 21 14:30:26 pepino sshd[1569]: User root from 141.28.131.133 not allowed > because not listed in AllowUsers > Jul 21 14:30:26 pepino sshd[1569]: Failed password for invalid user root from > 141.28.131.133 port 1853 ssh2 > Jul 21 14:30:27 pepino sshd[1571]: User root from 141.28.131.133 not allowed > because not listed in AllowUsers > Jul 21 14:30:27 pepino sshd[1571]: Failed password for invalid user root from > 141.28.131.133 port 1892 ssh2 > Jul 21 14:30:28 pepino sshd[1573]: User root from 141.28.131.133 not allowed > because not listed in AllowUsers > Jul 21 14:30:28 pepino sshd[1573]: Failed password for invalid user root from > 141.28.131.133 port 1925 ssh2 > Jul 21 14:30:29 pepino sshd[1575]: Invalid user test from 141.28.131.133 > Jul 21 14:30:29 pepino sshd[1575]: Failed password for invalid user test from > 141.28.131.133 port 1957 ssh2 > Jul 21 14:30:44 pepino denyhosts: Added the following hosts to > /etc/hosts.deny - 141.28.131.133 (unknown) ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
