On Mon, 20 Aug 2007 09:42:44 +0200 Giacomo Gorgellino <[EMAIL PROTECTED]> wrote:
> > David Liontooth ha scritto: > > Do people have experience blocking other ports than ssh? > > > > Dave > > Yes, I'm currently using DH for blocking bad ftp login attempts. > I've done my regex for parsing vsftpd logfile on debian system: > > SECURE_LOG = /var/log/vsftpd.log > SSHD_FORMAT_REGEX = .*? (?P<message>.*) > FAILED_ENTRY_REGEX = .*FAIL LOGIN.*Client "(?P<host>\d*\.\d*\.\d*\.\d*)" > SUCCESSFUL_ENTRY_REGEX = .*OK LOGIN.*Client "(?P<host>\d*\.\d*\.\d*\.\d*)" > > I don't know if this is the best way to do that, but it works for me :) > > Giacomo. > i like the idea of using DH to block port 25 as tons of people able to connect to try to send spam currently i am able to block the delivery but not the connection is it possible? how would i deal with trying to block connections after this in log postfix/smtpd[10109]: NOQUEUE: reject: RCPT from smtp1.objectivistcenter.org[209.34.241.162]: > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Denyhosts-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/denyhosts-user > ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
