[CentOS] Looking for recommendations for blockinghacking attempts

Neil Aggarwal neil at JAMMConsulting.com
Thu Jul 9 15:44:59 UTC 2009


Ron:

> > >From what I see, DenyHosts only blocks based on failed
> > SSH attempts
> 
> That is incorrect.  Denyhosts has a config option named 
> "BLOCK_SERVICE"
> which can be set to "ALL".

I think you misunderstood my point.

It looks like BLOCK_SERVICE tells what to block once the
offender has been identified.

What I am talking about is the process of identifying the
offender in the first place. It looks like only a failed SSH
login attempt will cause someone to be blocked.  If they
try to attack another service (pop3s for example), 
DenyHosts will not block them.

Does this make sense?  Or, am I wrong about it?

Thanks,
	Neil

--
Neil Aggarwal, (281)846-8957, www.JAMMConsulting.com
Will your e-commerce site go offline if you have
a DB server failure, fiber cut, flood, fire, or other disaster?
If so, ask me about our geographically redudant database system. 




More information about the CentOS mailing list