From: Willem J. W. <wj...@di...> - 2015-07-23 13:40:18

On 23/07/2015 15:20, Kevin Zheng wrote:
> On 07/23/2015 18:24, @lbutlr wrote:
>> the behavior has changed since yesterday. Over 1200 IPs are listed in
>> /etc/hosts.deny and /etc/hosts.allow is empty. Something else is
>> going on here, right?
>
> I'm not very familiar with the 'hosts' backend, so I'm not sure. I
> believe SSHGuard should only be making changes to one file, which is set
> at compile time.
>
> I'd be interested to hear if you find out what's going on.

It is normal to dump everything into /etc/hosts.deny, as is suggested in
the header in /etc/hosts.deny... It now can go all in the same file.

The fact is that 1200 addresses seems a lot, but I have servers with
over 8000 blacklisted ipnrs. And on those servers I manually blacklist
C-nets (/24) (mostly Russian/Asian) which have more than a 10-15%
coverage. So if more than 32 ipnrs in a segment try to abuse the system,
I don't wait, I just block the whole C-net.

--WjW
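
Added example, not part of the original message and not SSHGuard code: one way to find the /24 segments that cross the "more than 32 blocked addresses" mark described above, by counting the single IPv4 entries in /etc/hosts.deny-style text. The function names, the `ALL : addr : DENY` line layout and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Dotted quads that are not part of an addr/mask pair or a longer number.
IPV4_RE = re.compile(r"(?<![\d./])(\d{1,3}(?:\.\d{1,3}){3})(?![\d./])")


def blocked_hosts(text):
    """Return the set of single IPv4 addresses found in hosts.deny-style text."""
    hosts = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        for token in IPV4_RE.findall(line):
            try:
                hosts.add(ipaddress.IPv4Address(token))
            except ValueError:                # e.g. 999.1.1.1
                continue
    return hosts


def dense_slash24s(hosts, threshold=32):
    """Return sorted (network, count) for /24s with MORE than `threshold` hosts.

    32 of 256 addresses is 12.5 %, inside the 10-15 % range from the message.
    """
    counts = Counter(
        ipaddress.ip_network(f"{ip}/24", strict=False) for ip in hosts
    )
    return sorted((net, n) for net, n in counts.items() if n > threshold)


def sample_hosts_deny():
    """Constructed sample input (documentation address ranges, not real data)."""
    lines = ["# constructed sample, assumed 'ALL : addr : DENY' layout"]
    lines += [f"ALL : 198.51.100.{i} : DENY" for i in range(1, 41)]   # 40 hosts
    lines += [f"ALL : 192.0.2.{i} : DENY" for i in range(1, 33)]      # exactly 32
    lines += [f"ALL : 203.0.113.{i} : DENY" for i in range(10, 15)]   # 5 hosts
    lines += ["ALL : 198.51.100.7 : DENY"]                            # duplicate
    return "\n".join(lines)


if __name__ == "__main__":
    for net, n in dense_slash24s(blocked_hosts(sample_hosts_deny())):
        print(f"{net}  {n} blocked addresses ({n / 256:.1%} of the segment)")
```

Existing network entries are skipped rather than counted, so a segment that is already blocked as a whole is not reported again.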