Mind the terminology there:
- attack is one "dangerous record" in your logs
- abuse is as many "dangerous records" (attacks) as it takes to block the attacker
Attackers are blocked after (by default) 4 attacks, but blacklisted after 3 abuses.
That is, your attacker has got to be blocked three times (12 attacks) to end up in
the blacklist. If you want to blacklist right away, use -b 1:/var/...
However, use with care. See
http://www.sshguard.net/docs/faqs/#why-addresses-released
P.S.: do not use "Reply" to the subscription confirmation to write to the mailing list.
Be good to the archives and make the effort of producing a new message and
make up a significant Subject for it.
On Feb 18, 2010, at 03:43 , ravikiran velineni wrote:
> Hello Everyone,
>
> I am using sshguard version 1.4 on FreeBSD 7. It is able to block IP addresses and release them according to the number of abuses. But when I issued the command
> sshguard b 3:/var/db/sshguard/blacklist.db, even though there are more than three abuses from the same IP, it is not blacklisting the IP. It is releasing the IP again. I am able to do ssh. Can anyone help me out in this regard? I will appreciate your help.
>
> Thank you,
> Ravi. v.