On Aug 19, 2010, at 5:12 PM, René Berber wrote:

> Luke wrote:
> 
> [snip]
>> I've now set = dup_delay 0 which logs all failed entries and it's
>> still not blocking VNC failed attempts; it does block ssh, however.
>> I'll probably just end up disabling vnc or just enabling it on
>> demand.
> 
> You guys are misunderstanding what I say:
> 
> 1.  The "--verbose --debug" was not to correct anything, nor to get
> a big "here is the problem" message; it is to see what DH is doing in
> detail, which includes configuration and data.
> 
I understand clearly; I was tailing the denyhosts log as well as secure.log
while attempting to log into the VNC server unsuccessfully.  However, this
did not provide anything useful other than just stating info.  This was done
with the --verbose --debug options:

Aug 19 06:13:51 - denyhosts   : DEBUG    no new suspicious logins
Aug 19 06:20:32 - denyhosts   : DEBUG    /private/var/log/secure.log has additional data
Aug 19 06:20:32 - denyhosts   : DEBUG    new hosts: []
Aug 19 06:20:32 - denyhosts   : DEBUG    no new denied hosts
Aug 19 06:20:32 - denyhosts   : DEBUG    no new suspicious logins

> 2.  When I say "a problem" that doesn't mean "the problem", I just
> pointed out that DH will not handle the log with multiple equal lines
> elided, which is not the problem you are having.
> 
> I don't use Mac OS X, or VNC very often, but many of us use DH to stop
> ftp attacks, which are similar to ssh and to your VNC log, and it works
> fine.
> 
> The only 2 things that can be wrong are the regexes used, and the times
> used (i.e. too much time between tries and they are ignored, too little
> time to keep the IP banned...)  The second cause doesn't seem to be your
> problem, I would focus on the first.

I'm going to try to tweak the times to see if that makes a difference. Other
than that, I'm not at all familiar with regex formatting, nor do I have the
technical know-how to try to fix them if indeed that's where the problem lies.
I'll update if the time was the issue.
> 
> Alternatives: use fail2ban, same python regexes but in a different
> configuration format that is designed from the start to work with multiple
> services, plus it has its own test tool, minus it doesn't have a global
> database.  I use both (alone, not together) on different servers,
> fail2ban in my mail server (which is really 2 services to protect, smtp
> and imap/pop3), plus ssh, and I could add many more.  There is no VNC
> filter already made, you have to put a regex similar to what we commented
> in a new filter definition.
> -- 
> René Berber
> 
> 
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by 
> 
> Make an app they can't live without
> Enter the BlackBerry Developer Challenge
> http://p.sf.net/sfu/RIM-dev2dev 
> _______________________________________________
> Denyhosts-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/denyhosts-user
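
The two failure causes named in the quoted message (a regex that never matches, and a time window that is too short) can be reproduced offline with a small model. This is an added example, not part of the original thread and not DenyHosts or fail2ban code; the log lines, both regexes, and the `threshold` and `window_seconds` parameters are constructed for illustration and do not reflect the real Mac OS X VNC log format.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (assumption): NOT the real Mac OS X VNC log format.
SAMPLE_LOG = """\
Aug 19 06:20:01 host sshd[411]: Failed password for root from 198.51.100.7 port 4022 ssh2
Aug 19 06:20:05 host vncserver[502]: Authentication FAILED :: Viewer Address: 203.0.113.9
Aug 19 06:20:20 host vncserver[502]: Authentication FAILED :: Viewer Address: 203.0.113.9
Aug 19 06:24:30 host vncserver[502]: Authentication FAILED :: Viewer Address: 203.0.113.9
""".splitlines()

# Hypothetical patterns; each must capture the offending address as "host".
SSH_REGEX = r"sshd\[\d+\]: Failed password for .* from (?P<host>\S+)"
VNC_REGEX = r"vncserver\[\d+\]: Authentication FAILED :: Viewer Address: (?P<host>\S+)"

def failures(lines, failregex, year=2010):
    """Yield (timestamp, host) for every line the regex matches."""
    pattern = re.compile(failregex)
    for line in lines:
        m = pattern.search(line)
        if m:
            # Syslog timestamps carry no year, so one is supplied.
            stamp = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            yield stamp, m.group("host")

def hosts_to_ban(lines, failregex, threshold, window_seconds):
    """Return hosts with at least `threshold` failures inside the time window."""
    window = timedelta(seconds=window_seconds)
    seen, banned = {}, set()
    for stamp, host in failures(lines, failregex):
        # Failures older than the window are forgotten before counting.
        recent = [t for t in seen.get(host, []) if stamp - t <= window]
        recent.append(stamp)
        seen[host] = recent
        if len(recent) >= threshold:
            banned.add(host)
    return banned

if __name__ == "__main__":
    # Cause 1: an ssh-only regex never sees the VNC client at all.
    print("ssh regex hosts:", [h for _, h in failures(SAMPLE_LOG, SSH_REGEX)])
    # A regex written for the VNC line finds it and bans after 3 failures.
    print("vnc, 600s window:", hosts_to_ban(SAMPLE_LOG, VNC_REGEX, 3, 600))
    # Cause 2: same regex, but the window is too short for slow retries.
    print("vnc, 60s window:", hosts_to_ban(SAMPLE_LOG, VNC_REGEX, 3, 60))
```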

