Possibile bug for block time (-p flag)

Comments (12)

Stefano Balzan reporter
- edited description
- 2017-02-16T12:12:41+00:00
Kevin Zheng
- changed version to 1.7
- 2017-02-16T17:21:40+00:00
Kevin Zheng
There are at least two different things going on here:
- The initial block time is controlled by the -p flag. -b is for blacklisting.
- The block time increases by a factor of 1.5x every time an attacker is blocked.
It looks like this is the second time your attacker was blocked ("after 1 abuses over 2 secs"). I wonder what's setting your initial block time?
- 2017-02-16T17:25:43+00:00
Kevin Zheng
- changed status to open
- 2017-02-16T17:25:59+00:00
Stefano Balzan reporter
- changed title to Possibile bug for block time (-p flag)
- edited description
- 2017-02-16T17:59:26+00:00

Stefano Balzan reporter

Sorry, I've mistaken the two flags. You are right, the flag controlling block time is "-p" and that's the one apparently causing issues. I've edited the initial post accordingly.

Here is the entire systemd unit:

[Unit]
Description=Block hacking attempts
After=iptables.service ip6tables.service ufw.service shorewall.service shorewall6.service network.target

[Service]
ExecStart=/usr/lib/systemd/scripts/sshguard-journalctl "-a 20 -p 600 -s 10800 -b 40:/var/db/sshguard/blacklist.db" SYSLOG_FACILITY=4 SYSLOG_FACILITY=10

[Install]
WantedBy=multi-user.target

2017-02-16T18:03:02+00:00

Kevin Zheng
I can reproduce this issue on e10c5e5 (most recent master) by running: sshguard -p 600.
- 2017-03-02T18:32:10+00:00
Kevin Zheng
- changed status to resolved
Fixed in 045ac5a, thanks!
- 2017-03-05T17:24:12+00:00
Kevin Zheng
- changed milestone to 2.0
- assigned issue to
  
  Kevin Zheng
- 2017-03-05T17:24:45+00:00
Stefano Balzan reporter
Thank you very much!
- 2017-03-05T21:50:20+00:00
Kevin Zheng
- removed milestone
Removing milestone: 2.0 (automated comment)
- 2018-06-22T19:44:52+00:00
Kevin Zheng
- removed version
Removing version: 1.7 (automated comment)
- 2020-05-14T22:18:44+00:00
Log in to comment