I haven't really looked at the notify_isp.rb plugin (since I'm not a ruby guy) though I appreciate all contribs (thanks Nazar!).
I've been meaning to get a new DenyHosts release out (especially now that I finally released ReleaseForge 1.3 which I naturally use for all of the DenyHosts releases). I'll add the plugin to the "plugins" directory such that it will be in the upcoming 2.7 release. I don't think the sync server is the best place to launch the notify_isp.rb script from considering the sync server doesn't have all of the info that would make it useful for the ISPs to use (specifically, the line(s) in SECURE_LOG that document the attack which I believe the ruby plugin extracts from SECURE_LOG). FWIW, DenyHosts 2.7 adds a SYNC_PLUGIN option but I wouldn't recommend using this plugin for that since it doesn't have the necessary SECURE_LOG entries either. Phil On Thu, 24 Jul 2008, Ron Joffe wrote: > On Monday 21 July 2008 05:37, Nazar Aziz wrote: >> Hi List. >> >> Just wanted to drop a quick email to say that I've developed a >> DenyHosts plugin that will notify the attacker's ISP with an excerpt >> from your sshd log file. I've been running this script for the last >> two days and I've had half a dozen positive replies from system admins >> who've subsequently disconnected offending servers. >> > > I was just thinking about this neat new feature, and realized if we all > install it, then we may very well flood the abuse mailbox with emails. Since > these emails will all have the same format (but different source addresses) a > spam filter might very well throw them all away. > > Perhaps we should ask Phil if he would be willing to install this addon to the > sync server, so that just one email goes out ? > > On the other hand, if the mails make it through spam, having more emails might > get a network admin to action faster. > > Just a few thoughts, > > Ron > > > > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Denyhosts-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/denyhosts-user > -- Regards, Phil Schwartz - http://www.phil-schwartz.com Open Source Projects: - DenyHosts: http://www.denyhosts.net - Kodos: http://kodos.sourceforge.net - ReleaseForge: http://releaseforge.sourceforge.net - Scratchy: http://scratchy.sourceforge.net - FAQtor: http://faqtor.sourceforge.net ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
