Menu
▾
▴
Re: [Sshguard-users] Welcome to the "Sshguard-users" mailing list
|
From: Mij <mi...@ss...> - 2010-02-18 10:21:45
|
Mind the terminology there: - attack is one "dangerous record" in your logs - abuse as many "dangerous records" (attacks) as it takes to block the attacker Attackers are blocked after (by default) 4 attacks, but blacklisted after 3 abuses. That is, your attacker has got to be blocked three times (12 attacks) to end up in the blacklist. If you want to blacklist right away, use -b 1:/var/... However, use with care. See http://www.sshguard.net/docs/faqs/#why-addresses-released p.s.: do not use "Reply" to the subscription confirmation to write to the mailing list. Be good to the archives and make the effort of producing a new message and make up a significant Subject for it. On Feb 18, 2010, at 03:43 , ravikiran velineni wrote: > Hello Everyone, > > I am using sshguard 1.4 version on freebsd 7. It is able to block ip address and release according to number of abuses. But, when i issued the command > sshguard b 3:/var/db/sshguard/blacklist.db . even though from same ip there are more than three abuses it is not blacklisting the ip. it is releasing the IP again. i can able to do ssh. Anyone help me out in this regard. I will appreciate you help. > > Thank you, > Ravi. v. > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev_______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users |
