[TriLUG] Denyhosts and Custom Regex
porter at trilug.org
Fri Nov 7 09:24:18 EST 2008
> I've written a custom regular expression to add to hosts.deny
> addresses that visit port 80 more than once.
This does not make sense to me.
Denyhosts is supposed to keep password-guessers out of your system.
If someone is hitting your SSH daemon with HTTP traffic, then that
is a completely different problem. It's harmless (although it *does*
use up a little bit of SSHD resources to answer the call -- adding
their IP to hosts.deny would move that burden from sshd to libwrap).
It's not as if they are trying DDOS you. And SSHD is certainly not
going to let them in. So why would you want to block these mis-guided
web hits that happen to bump into your SSHD port?
More information about the TriLUG