Re: [Denyhosts-user] IP address no longer blocked after being blocked once

Phil Schwartz Wed, 15 Jul 2009 16:24:22 -0700

Was the IP still in  /etc/hosts.deny after the 5 minutes?  If not, how did 
it get removed?


There is no auto-whitelist feature.  There is however a purge facility 
which appears to be set to 300 seconds (5 minutes) which means added ips 
will be purged every 5 minutes which probably isn't desired.  You may want to 
set it to 300h (hours) or 300d (days).

Once an IP is purged it should be re-added if it exceeds one of the 
thresholds again.

Regards,

Phil



On Wed, 15 Jul 2009, Yang, Zhengfan wrote:

> Hello,
>
> I downloaded the latest Denyhosts and tested using the following 
> settings. But I got the following problems: after three login attempts 
> using invalid usernames, the IP did get blocked (it is added to 
> hosts.deny). And after about 5 minutes, the IP again works (it is 
> removed from hosts.deny).  However, after that, this IP is never blocked 
> again, no matter how much failed login attempts I tried. In other words, 
> it seems this IP is permanently added to a white-list after the purging, 
> I am sure this is not the original intent of the software. I am 
> wondering whether my settings are correct, or something else happened.
>
> Best regards,
>
> Zhengfan Yang
>
> 2009-07-15 13:25:52,307 - denyhosts   : INFO     DenyHosts launched with the 
> following args:
> 2009-07-15 13:25:52,307 - denyhosts   : INFO        /usr/bin/denyhosts.py 
> --daemon --config=/usr/share/denyhosts/denyhosts.cfg
> 2009-07-15 13:25:52,307 - prefs       : INFO     DenyHosts configuration 
> settings:
> 2009-07-15 13:25:52,308 - prefs       : INFO        ADMIN_EMAIL: [None]
> 2009-07-15 13:25:52,308 - prefs       : INFO        AGE_RESET_INVALID: 
> [864000]
> 2009-07-15 13:25:52,308 - prefs       : INFO        AGE_RESET_ROOT: [2160000]
> 2009-07-15 13:25:52,308 - prefs       : INFO        AGE_RESET_VALID: [432000]
> 2009-07-15 13:25:52,308 - prefs       : INFO        
> ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
> 2009-07-15 13:25:52,308 - prefs       : INFO        BLOCK_SERVICE: [sshd]
> 2009-07-15 13:25:52,308 - prefs       : INFO        DAEMON_LOG: 
> [/var/log/denyhosts]
> 2009-07-15 13:25:52,308 - prefs       : INFO        
> DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s 
> %(message)s]
> 2009-07-15 13:25:52,308 - prefs       : INFO        DAEMON_LOG_TIME_FORMAT: 
> [None]
> 2009-07-15 13:25:52,309 - prefs       : INFO        DAEMON_PURGE: [180]
> 2009-07-15 13:25:52,309 - prefs       : INFO        DAEMON_SLEEP: [30]
> 2009-07-15 13:25:52,309 - prefs       : INFO        DENY_THRESHOLD_INVALID: 
> [3]
> 2009-07-15 13:25:52,309 - prefs       : INFO        DENY_THRESHOLD_ROOT: [1]
> 2009-07-15 13:25:52,309 - prefs       : INFO        DENY_THRESHOLD_VALID: [5]
> 2009-07-15 13:25:52,309 - prefs       : INFO        FAILED_ENTRY_REGEX: [None]
> 2009-07-15 13:25:52,309 - prefs       : INFO        FAILED_ENTRY_REGEX2: 
> [None]
> 2009-07-15 13:25:52,309 - prefs       : INFO        FAILED_ENTRY_REGEX3: 
> [None]
> 2009-07-15 13:25:52,309 - prefs       : INFO        FAILED_ENTRY_REGEX4: 
> [None]
> 2009-07-15 13:25:52,309 - prefs       : INFO        FAILED_ENTRY_REGEX5: 
> [None]
> 2009-07-15 13:25:52,310 - prefs       : INFO        FAILED_ENTRY_REGEX6: 
> [None]
> 2009-07-15 13:25:52,310 - prefs       : INFO        HOSTNAME_LOOKUP: [YES]
> 2009-07-15 13:25:52,310 - prefs       : INFO        HOSTS_DENY: 
> [/etc/hosts.deny]
> 2009-07-15 13:25:52,310 - prefs       : INFO        LOCK_FILE: 
> [/var/lock/subsys/denyhosts]
> 2009-07-15 13:25:52,310 - prefs       : INFO        PLUGIN_DENY: [None]
> 2009-07-15 13:25:52,310 - prefs       : INFO        PLUGIN_PURGE: [None]
> 2009-07-15 13:25:52,310 - prefs       : INFO        PURGE_DENY: [300]
> 2009-07-15 13:25:52,310 - prefs       : INFO        SECURE_LOG: 
> [/var/log/messages]
> 2009-07-15 13:25:52,310 - prefs       : INFO        SMTP_FROM: [DenyHosts 
> <nob...@localhost>]
> 2009-07-15 13:25:52,310 - prefs       : INFO        SMTP_HOST: [localhost]
> 2009-07-15 13:25:52,311 - prefs       : INFO        SMTP_PASSWORD: [None]
> 2009-07-15 13:25:52,311 - prefs       : INFO        SMTP_PORT: [25]
> 2009-07-15 13:25:52,311 - prefs       : INFO        SMTP_SUBJECT: [DenyHosts 
> Report]
> 2009-07-15 13:25:52,311 - prefs       : INFO        SMTP_USERNAME: [None]
> 2009-07-15 13:25:52,311 - prefs       : INFO        SSHD_FORMAT_REGEX: [None]
> 2009-07-15 13:25:52,311 - prefs       : INFO        SUCCESSFUL_ENTRY_REGEX: 
> [None]
> 2009-07-15 13:25:52,311 - prefs       : INFO        
> SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS: [YES]
> 2009-07-15 13:25:52,311 - prefs       : INFO        SYNC_DOWNLOAD: [yes]
> 2009-07-15 13:25:52,311 - prefs       : INFO        SYNC_DOWNLOAD_THRESHOLD: 
> [3]
> 2009-07-15 13:25:52,312 - prefs       : INFO        SYNC_INTERVAL: [1h]
> 2009-07-15 13:25:52,312 - prefs       : INFO        SYNC_SERVER: [None]
> 2009-07-15 13:25:52,312 - prefs       : INFO        SYNC_UPLOAD: [yes]
> 2009-07-15 13:25:52,312 - prefs       : INFO        WORK_DIR: 
> [/usr/share/denyhosts/data]
> 2009-07-15 13:25:52,325 - denyhosts   : INFO     Processing log file 
> (/var/log/messages) from offset (318860185)
> 2009-07-15 13:25:53,626 - denyhosts   : INFO     new denied hosts: 
> ['139.52.19.68']
> 2009-07-15 13:25:53,750 - denyhosts   : INFO     launching DenyHosts daemon 
> (version 2.0)...
> 2009-07-15 13:25:53,757 - denyhosts   : INFO     DenyHosts daemon is now 
> running, pid: 9549
> 2009-07-15 13:25:53,758 - denyhosts   : INFO     send daemon process a TERM 
> signal to terminate cleanly
> 2009-07-15 13:25:53,758 - denyhosts   : INFO       eg.  kill -TERM 9549
> 2009-07-15 13:25:54,130 - denyhosts   : INFO     monitoring log: 
> /var/log/messages
> 2009-07-15 13:25:54,130 - denyhosts   : INFO     sync_time: 1h
> 2009-07-15 13:25:54,130 - denyhosts   : INFO     daemon_purge:      180
> 2009-07-15 13:25:54,130 - denyhosts   : INFO     daemon_sleep:      30
> 2009-07-15 13:25:54,130 - denyhosts   : INFO     purge_sleep_ratio: 6
> 2009-07-15 13:25:54,131 - denyhosts   : INFO     denyhosts synchronization 
> disabled
>
> ------------------------------------------------------------------------------
> Enter the BlackBerry Developer Challenge
> This is your chance to win up to $100,000 in prizes! For a limited time,
> vendors submitting new applications to BlackBerry App World(TM) will have
> the opportunity to enter the BlackBerry Developer Challenge. See full prize
> details at: http://p.sf.net/sfu/Challenge
> _______________________________________________
> Denyhosts-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/denyhosts-user
>

-- 
Regards,

Phil Schwartz
- http://www.phil-schwartz.com

Open Source Projects:
- DenyHosts: http://www.denyhosts.net
- Kodos: http://kodos.sourceforge.net
- ReleaseForge: http://releaseforge.sourceforge.net
- Scratchy: http://scratchy.sourceforge.net
- FAQtor: http://faqtor.sourceforge.net

------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge  
This is your chance to win up to $100,000 in prizes! For a limited time, 
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize  
details at: http://p.sf.net/sfu/Challenge
_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user

Re: [Denyhosts-user] IP address no longer blocked after being blocked once

Reply via email to