[ split off from thread in HowTo & FAQ forum - Mod. ]
Hi,
Could you please help with some trouble I am having with denyhosts?
After installing it I was receiving regular reports and the hosts-denied list was being updated with each new rejected ip, so far so good.
Looking at the reports I found that all the attack ips resolve back to vfb-linz.de. So I enabled hostname lookup in denyhosts.conf and restarted denyhosts. Now I get reports every 20 minutes advising that vfb-linz.de has been blocked and /etc/hosts-denied is updated with a new line blocking vfb-linz.de rather than the ip, this line is then repeated every time a new attack is identified.
I disabled hostname lookup in the config and restarted but it has decided to keep blocking by hostname!!
Obviously it is not actually blocking the recorded hostname and subsequently I now can not record & block the source ips either, leaving the offenders free to attack at will.
Surely this can not be right?
Hi,
Could you please help with some trouble I am having with denyhosts?
After installing it I was receiving regular reports and the hosts-denied list was being updated with each new rejected ip, so far so good.
Looking at the reports I found that all the attack ips resolve back to vfb-linz.de. So I enabled hostname lookup in denyhosts.conf and restarted denyhosts. Now I get reports every 20 minutes advising that vfb-linz.de has been blocked and /etc/hosts-denied is updated with a new line blocking vfb-linz.de rather than the ip, this line is then repeated every time a new attack is identified.
I disabled hostname lookup in the config and restarted but it has decided to keep blocking by hostname!!
Obviously it is not actually blocking the recorded hostname and subsequently I now can not record & block the source ips either, leaving the offenders free to attack at will.
Surely this can not be right?