This release contains the following:
- ADMIN_EMAIL pref can now contain multiple email addresses delimited by a comma (white space is optional). eg. email@example.com, firstname.lastname@example.org, email@example.com
- fixed bug in denyfileutil: 'timestamp' is now initialized properly
- daemon-control-dist: modified to work w/ non-default python versions. You must change the PYTHON_BIN and #!/bin/env/python references if appropriate.... read more
This version addresses a potential security issue: Purged denied hosts are now re-added as necessary.
DenyHosts 2.2 is out. This release contains the following:
- added environment variable substitution of preference values. Each value
that contains $[SOME_NAME] will have $[SOME_NAME] substituted with the
value of the environment variable SOME_NAME. eg.
SMTP_SUBJECT = DenyHosts Report - $[HOSTNAME]
will result in the following expansion:
SMTP_SUBJECT = DenyHosts Report - foo
on a host that is named "foo"... read more
- added command line flag --sync which runs DenyHosts (command line/cron version)
in synchronization mode.
- added SYNC_DOWNLOAD_RESILIENCY setting to limit download synchronization
data to attacks that have lasted longer than this value. That is, if the centralized
denyhosts.net server records an attack at 2 PM and then again at 5 PM,
specifying a SYNC_DOWNLOAD_RESILIENCY = 4h will not download this ip
address. However, if the attacker is recorded again at 6:15 PM then the ip address
will be downloaded by your DenyHosts instance. This value is used in
conjunction with the SYNC_DOWNLOAD_THRESHOLD and only hosts that
satisfy both values will be downloaded. This value has no effect if
SYNC_DOWNLOAD_THRESHOLD = 1 and refers to the timespan between the
attackers first known attack and their most recent attack.
Refer to http://www.denyhosts.net/faq.html#sync_download_resiliency... read more
DenyHosts v1.1.2 is now available for download at:
This version of DenyHosts is a minor bug fix release which includes the following fixes and optimizations:
- Fixed offset issue when running in daemon mode, the first pass of data discovered was processed twice.
- All values that are converted to seconds in the prefs.py module when the denyhosts.cfg file is processed. Previously, these values were inefficiently converted each time that they were used.... read more
DenyHosts 1.1.0 is now available.
- hostnames can now be specified in allowed-hosts file based
on a contribution from Mathias Wagner.
- hostnames specified in allowed-hosts are looked
up to determine ip addresses
- added optional pref: ALLOWED_HOSTS_HOSTNAME_LOOKUP
- if ALLOWED_HOSTS_HOSTNAME_LOOKUP is true, then each
ip address in allowed-hosts is looked up to determine
DenyHosts 0.9 and greater offers the ability to run the app as a daemon in addition to the legacy command line mode (aka cron mode). Several new configuration values were added to support the daemon mode. Please view the denyhosts.cfg-dist file for details or check the FAQ:
There is also a daemon-control-dist script provided with the distribution that allows you to easily start, stop and restart the daemon as well as check the status and change the debug level on the fly. The above FAQ entry also contains information for using the daemon-control-dist script.
This version of DenyHosts adds support for the metalog system logger and FreeBSD logging format.
Additionally, alternative deny hosts files can be used to list the offending ip addresses which should be referred to by the systemwide hosts.allow file (see the FAQ for details).
Support for gzipped logfiles has also been added to this release.
Please see the Changelog for more details and consult the FAQ (http://denyhosts.sourceforge.net/faq.html) for more details.
This release adds some new configuration parameters and features. Refer to the changelog for more details.
Fixes a stupid type-o from 0.5.2.
DenyHosts 0.5.2 is here!
Fixes a number of minor bugs. Code cleanup. See release notes for more information.