[CentOS] Looking for recommendations for blockinghacking attempts

Thu Jul 9 15:44:59 UTC 2009
Neil Aggarwal <neil at JAMMConsulting.com>


> > >From what I see, DenyHosts only blocks based on failed
> > SSH attempts
> That is incorrect.  Denyhosts has a config option named 
> which can be set to "ALL".

I think you misunderstood my point.

It looks like BLOCK_SERVICE tells what to block once the
offender has been identified.

What I am talking about is the process of identifying the
offender in the first place. It looks like only a failed SSH
login attempt will cause someone to be blocked.  If they
try to attack another service (pop3s for example), 
DenyHosts will not block them.

Does this make sense?  Or, am I wrong about it?


Neil Aggarwal, (281)846-8957, www.JAMMConsulting.com
Will your e-commerce site go offline if you have
a DB server failure, fiber cut, flood, fire, or other disaster?
If so, ask me about our geographically redudant database system.