At 9:42 AM +0200 8/20/07, Giacomo Gorgellino sent email regarding Re: [Denyhosts-user] Blocking ports other than ssh: >David Liontooth ha scritto: >> Do people have experience blocking other ports than ssh? >> >> Dave > >Yes, I'm currently using DH for blocking bad ftp login attempts. >I've done my regex for parsing vsftpd logfile on debian system: > >SECURE_LOG = /var/log/vsftpd.log >SSHD_FORMAT_REGEX = .*? (?P<message>.*) >FAILED_ENTRY_REGEX = .*FAIL LOGIN.*Client "(?P<host>\d*\.\d*\.\d*\.\d*)" >SUCCESSFUL_ENTRY_REGEX = .*OK LOGIN.*Client "(?P<host>\d*\.\d*\.\d*\.\d*)"
Are you doing this in addition to scanning and blocking ssh attempts? If so, do you run multiple instances of DenyHosts? Or is there a way for one instance of DH to scan multiple logs, each with its own REGEX to look for? ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
