Doh, sorry, I answered for "part 2". For part 1, you can specify custom regex that you could tailor to match other things, but it's far from ideal, even apart from it getting quite complicated. Eg. I want to block hosts from failed ssh login attempts quite quickly, but if I had the same threshhold on a pop3 server, any of my customers that mistypes their username or password is almost guaranteed to be blocked and require manual cleanup by the time they call in.
I only briefly looked at fail2ban a few years ago and I believe it was better suited to multiple services, but I've not tried using it. You might get by with multiple denyhost instances running, each pointing to a seperate config file. Far from ideal. Maybe you want to contribute this feature to denyhosts, so I can use it, too? :) Jesse On Thu, 2009-07-09 at 11:35 -0500, Neil Aggarwal wrote: > Hello: > > > To me, it seems the advantage of Fail2ban is that > > it will block more than just SSH attempts. Does > > DenyHosts have that ability? > > I probably need to clarify this question. > > There are two parts to blocking an offender: > 1. Identification of a hacking attempt > 2. Blocking the host the offender used > > For part 2, it looks like DenyHosts can block > individual services or all access to my machine > so that is not a problem. > > I am concerned about part 1. It looks like DenyHosts > only identifies an offender when they attempt an > SSH login and fail. Other types of attacks (Eg: pop3s) > will not trigger DenyHosts to block the offender. > > Is there a way to tell DenyHosts to account for all > types of access to a machine? > > The reason I ask is it seems Fail2ban can take more than > SSH failures into account. I like the idea of the > synchronization service DenyHosts offers, but it seems > Fail2ban will offer more complete protection. > > Thanks, > Neil > > -- > Neil Aggarwal, (281)846-8957, www.JAMMConsulting.com > Will your e-commerce site go offline if you have > a DB server failure, fiber cut, flood, fire, or other disaster? > If so, ask me about our geographically redudant database system. > > > ------------------------------------------------------------------------------ > Enter the BlackBerry Developer Challenge > This is your chance to win up to $100,000 in prizes! For a limited time, > vendors submitting new applications to BlackBerry App World(TM) will have > the opportunity to enter the BlackBerry Developer Challenge. See full prize > details at: http://p.sf.net/sfu/Challenge > _______________________________________________ > Denyhosts-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/denyhosts-user -- Jesse Norell Kentec Communications, Inc. [email protected] ------------------------------------------------------------------------------ Enter the BlackBerry Developer Challenge This is your chance to win up to $100,000 in prizes! For a limited time, vendors submitting new applications to BlackBerry App World(TM) will have the opportunity to enter the BlackBerry Developer Challenge. See full prize details at: http://p.sf.net/sfu/Challenge _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
