invalid login attempts not refused using deny hosts and conf of denyhost not working as expected
Tapas Mishra
mightydreams at gmail.com
Thu Oct 28 10:18:05 UTC 2010
I am using denyhosts on a server ( I know IPTABLE rate limiting etc
just testing this one)
so in a config file
/etc/denyhosts.conf
the following value is set
DENY_THRESHOLD_INVALID = 3
which as per their configuration file says
DENY_THRESHOLD_INVALID: block each host after the number of failed login
# attempts has exceeded this value. This value applies to invalid
# user login attempts (eg. non-existent user accounts)
but when I checked the log (I deleted previous entries and disabled
firewall for some time to test denyhosts thing)
and
got following logs
http://pastebin.com/fyH3qJeR
I see a last line
refused connect from 125.46.63.134 (125.46.63.134)
but only after 10 attempts to try to login.
Now the question which is puzzling me is in denyhosts.conf I have set
DENY_THRESHOLD_INVALID = 3
so after third attempt the script should have denied the IP in
question any request to connect.
Is this not the case.
More information about the ubuntu-users
mailing list