Travel Travel reports, it is all about food
Montreal: Schwartz's, Le Petit Alep
Albums: Pictures and some notes
ITRANS Song Book Hindi, Urdu, Marathi song lyrics
Online ITRANS Web Interface
BlockHosts block hosts
BlockHosts FAQ
BlockHosts Forum
CD Inserts & Envelopes Web Interface
Nisha Ganatra's Films
Cake: starring Heather Graham
Email: avinash@aczoom.com
vsftpd configuration?
The only type of log lines that blockhosts catches is:
for vsftpdWed Feb 1 07:15:54 2006 [pid 8860] [bbbb] FAIL LOGIN: Client "127.0.0.1"
But, vsftpd configuration may not be starting a new vsftpd process after failed logins, check process-ids of the thousands of lines you see in your logs, if they are the same, not much can be done with blockhosts.
no such luck, my friend
The log entries you expect are not being generated. Yes, new PIDs are created for every 3 attempts (per my "max_login_fails=3" setting). And I did find a posting from someone else in the forum for a pattern that should match. However, that causes "ERROR: exiting: Config file Error: found invalid/unneeded definition: "VSFTPD-Fail"" to occur, and so nothing gets caught. I'm sure I'm missing something quite simple, but I'm not seeing it.
Pattern name, and python indenting
Change the name of the pattern, if you are not removing the existing VSFTPD-Fail pattern, and make sure the python indentation is correct in the file - spaces are very important!
According to a recently posted comment to this forum topic, vsftpd does work with the default blockhosts.py rules, no changes needed, other than vsftpd configuration: vsftpd-not-well-suited-to-tcpd-wrappers
read carefully
vsftpd 2.05 has not yet made it to the FC5 updates. I'm running FC5 and manually updated to vsftpd 2.05 to get the built-in fail limit.
I did commect out the other VSFTPD-Fail pattern, and did look at the overall format, but didn't count actual spaces. copy/paste from a web page can sure mess that up, so I'll go recheck it. Thanks.
still need help with vsftpd
In 1 day, 761 separate connections with 2283 attempts on user Administrator. The blockhosts.py script is being run on FTP connections, but it is not finding log entries that match the given filter. My initial posting in this thread shows the only log entry format that results from a failed attempt. I did find a filter in another thread that should have worked, but it's somehow not formatted properly and prevents the blockhosts.py script from doing anything other than generating an error message. At least these failed attempts are all on invalid users, but I'd still like to have the right filter in place to catch this if they start on any valid user names.