[PLUG] denyhosts for illegal ssh login attempts

Dwight Hubbard dwight at dwightandamy.com
Mon May 16 18:49:39 UTC 2005


> On Mon, 16 May 2005, Keith Lofstrom wrote:
>
>> I got tired of seeing 2000 line logwatch reports with lines like:
>
> Keith,
>
>    Mine don't get that large, but I sometimes see dictionary attacks that
> are
> lengthy.
>
>> Eventually, the bastards might even make it in.  So I downloaded a
>> program called DenyHosts ( http://denyhosts.sourceforge.net ) which is
>> called from cron, scans /var/log/secure and adds entries to
>> /etc/hosts.deny .

Wouldn't it be better to call it from hosts.deny when a connect attempt is
made instead of running it from cron?






More information about the PLUG mailing list