DenyHosts SERVER_SYNC alternative, ask for unscientific records

I'm safeguarding my ssh server with DenyHosts, and also determined to explore DenyHosts' arrangement to see to it points looked excellent. There is an alternative called SERVER_SYNC, that makes an xmlrpc call and also appears to crowdsource safeguarding an SSH server by utilizing denyhosts' main server to accumulate data concerning negative hosts.

I'm captivated by the suggestion, yet prior to making such a radical adjustment I needed to know, are other individuals utilizing this? If so, please write a little concerning your experience with the SYNC_SERVER alternative in DenyHosts and also any kind of concerns I need to expect. Many thanks.

0
2019-05-18 23:52:06
Source Share
Answers: 1

I absolutely am utilizing it.

It functions as you would certainly anticipate it to and also it is possibly denyhosts best include.

I have a number of web servers every one is set up making use of

SYNC_SERVER = http://xmlrpc.denyhosts.net:9911 
SYNC_INTERVAL = 1h
SYNC_UPLOAD = YES
SYNC_DOWNLOAD = YES

The factor that this is so outstanding is that a strike begins on one server, which creates that IP address to be obstructed on every one of our web servers. So by the time the opponent navigates to the various other web servers he is currently obstructed prior to the strike begins.

See to it you add at the very least one excellent IP address to you permitted - hosts documents and afterwards start utilizing it.

Information of what IP addresses are being obstructed making use of the synchronisation, can be located in the documents "sync - received".

I have actually not located, and also I can not assume of, any kind of disadvantage to utilizing this.

0
2019-12-01 23:03:47
Source