2.0.3, May 17, 2007: 

 * fixed invalid Error message when --iptables is on. It is not an error
   when the command to create chain is run multiple times.
   This was only a message issue, program was setting iptables correctly.

 * fixed Solaris ftpd pattern in blockhosts.cfg

 * fixed log scanning: changed .*? to .* in appropriate patterns.
   Bug allowed remote attackers to add arbitrary hosts to the blocked list
   and cause a denial of service. Demonstratable by logging in to ssh
   using a login name containing certain strings with an IP address
   Similar issue as this:  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6301

 * added rule for Qpopper POP3 server access failures
   This is commented out by default, so needs to be manually enabled
   in config file blockhosts.cfg.

 * added LICENSE file to RPM package, updated setup.cfg

 * removed P<user> from regular expressions, it was not used at all

2.0.2, April 1, 2007: 

 * ALL_REGEX_STRS are now read from the config file - no longer embedded
   in the code. Therefore, blockhosts.cfg is now required, not optional.
   This also makes it easy to turn on/off all the patterns, helpful since
   the list of patterns has grown large.
   Other than SSH/FTP log checks, all other patterns are now commented
   out, so should be re-enabled in blockhosts.cfg if needed.

 * mail messages can now include the log statements, see MAIL_LOG_MESSAGES
   boolean flag in blockhosts.cfg

 * copied requirements to clarify that extended version of hosts access
   control language as described in man hosts_options is required for
   using hosts.access/hosts.deny control methods - copied this to INSTALL
   file from blockhosts.py

 * (2.0.0) Old ALL_REGEX renamed to ALL_REGEX_STRS for configuration - no
   need to prefix with re.compile(, just provide raw string in that dict

 * "Charaoui, Jerome" <jcharaoui@cmaisonneuve.qc.ca> sent in Proftpd log
   lines that don't have a : after the PID, so updated the rules to
   make : optional after the PID

 * handle error return from iproute/iptables commands

 * fixed bug in config file LOCKFILE handling - should be accepted in the
   blockhosts section, not in common section

 * added rule for Solaris 10 ftpd failures

2.0.1, March 4, 2007: 

 * cleaned up TCP/IP Blocking options - now called --iproute and
   --iptables to be clearer as to their intent
   --ipdrop no longer available, this is replaced by --iproute

 * removed previously deprecated bhmail.py script, use
   --mail option for same functionality in blockhosts.py

 * made all time/format/constants to be class variables of main Config
   class instead of module globals

 * message level options (--verbose, --debug, --quiet, etc) can now be
   set in the config file using the VERBOSE key

2.0.0, March 3, 2007: 

 * NOTE: blockhosts.cfg now updated with some incompatible changes, so 
   will need manual merge for any locally modified blockhosts.cfg file

 * blockhosts now has direct support for email notification, see 
   --mail option

 * added null routing and ip tables packet filtering functionality, this
   will enable blocking protection for all services, not just TCP
   WRAPPERS enabled services. See options
   --ipdrop
   --iptables

 * Removed the --block (BLOCK_SERVICES) option, a more general way to
   define the lines to add to hosts.allow or other block files is
   available by using the HOST_BLOCKLINE configuration in the config file

 * Configuration file is now required, either the default file
   (/etc/blockhosts.cfg) or the one specified in the --config option
   must be readble by blockhosts.py

 * added bhrss.py script to provide RSS feeds of currently blocked
   address, as well as addresses just being watched:

   http://....../cgi-bin/bhrss.py              [to get all blocked]
   http://....../cgi-bin/bhrss.py?q=watching   [to get all blocked as well as watched addresses]

 * removed use of datetime module, now using the basic time module, which
   handles local time zones as expected, unlike datetime.

 * change time display format in block file (hosts.allow) to follow ISO
   format - YY-MM-DD HH:MM:SS
   old time format will be supported for reading in (used when new
   version is first run)

 * deprecated the script bhmail.py, it will go away in a future release
   since the --mail option supports all that functionality

1.1.0, February 19, 2007: 

 * added bhmail.py helper script to send email on newly blocked IP, with
   list of all currently blocked addresses

 * re-arranged config file /etc/blockhosts.cfg - now includes global
   section, and separate sections for blockhosts.py and bhmail.py

 * added (::ffff:)? before all P<host> matches in regular expressions

 * add the blocked IP address sorted by date added, newest first 

 * add rule to block Dovecot IMAP/POP3 server failures, previously had
   also added rule to block ipop3d login failures, and PureFTPD failures

1.0.7, January 2, 2007: 

 * problem with shipped example blockhosts.cfg - need line 126 to have
   four spaces in front of the curly brace closing ALL_REGEX

1.0.6, January 1, 2007: 

 * added RPM package back, using workaround mentioned in the BlockHosts forum:
   add this line to /etc/rpm/macros:
%_unpackaged_files_terminate_build 0
   Also added logrotate file to distribution install to /etc/logrotate.d

1.0.5, December 27, 2006: 

 * Not including noarch.rpm with this release - the scripts that used to
   work, no longer work, and from searching on the web, this may be
   a distutils/rpmbuild interaction problem. For now, use the non-RPM
   install instructions to install this program, INSTALL has details.
   Ref: http://www.mail-archive.com/distutils-sig@python.org/msg02536.html
   But the fix mentioned in that email thread did not fix blockhosts rpm
   build.

 * Expanded SSHD-Invalid regexp: got new form of a log line - has [ID] in it, 
   now able to catch this:
Oct  4 12:04:50 hostname.host.net sshd[1110]: [ID 800047 auth.info] Illegal user slime from 10.10.102.101

 * Fixed bug: --ignore-offset was not being acted upon

 * Fixed bug: exception when blockfile is not update-able -
   update_hosts_blockfile, around line 705:
   UnboundLocalError: local variable 'fp' referenced before assignment
   Now, if blockfile (usually /etc/hosts.allow) cannot be written to,
   prints appropriate message.

 * Added logrotate configuration, in case verbose logging to
   /var/log/blockhosts.log is being used, also updated INSTALL file to
   point out that it is not necessary to use verbose logging, the minimal
   logging using syslog (which usually goes to /var/log/messages) is
   enough. File added to distribution is called: logrotate
   This is courtesy of an email from Santeri P., with some modifications.

1.0.4, February 18, 2006: 

 * Make P<pid> optional in the regexs, match a PID group only if it is
   necessary to restrict matches to IP-PID unique keys and not just IP
   For example, SSHD uses the PID to ignore duplicate log line matches
   from the same SSHD process.
   But for VSFTPD, which uses a single process and allows any number of
   login failures in one connection, each log line should be counted even
   though the PID is the same for those log lines.

 * Added comment about how using tcpd wrappers for VSFTPD is not really
   helpful since vsftpd allows unlimited password attempts on a single
   connection. This is now documented in README.

 * Added rule for Pure-FTPd, from a posting in the BlockHosts forum.

1.0.3, November 06, 2005: 

 * SSHD-Invalid rule now accepts "Invalid" or "Illegal" words.
   "Illegal" was added based on a report regarding Debian linux installs.

1.0.2, October 29, 2005: 
 * Added back check for "Failed password.." line in addition to "Invalid
   user".
   This is needed when PasswordAuthentication is yes, and PermitRootLogin
   is no. In this case, sshd only prints a "Failed password" line, does
   not print "Invalid user" line.
   For non-root users, both lines are printed. To prevent double counting
   of the IP address for the same connection, blockhosts.py now looks at
   process-id also, and will only count one failure per process id.

1.0.1, October 26, 2005: 

 * .cfg file changed to include "Invalid user" matches, and disabled the
   "Failed Password " match.  Looks like sshd always puts a "Invalid user"
   line irrespective of passwords yes/no.
   It puts "Failed password" line if PasswordAuthentication is "no"
   in sshd_config, in which case, it also puts out the "Invalid user"
   line.  So, to cover the most cases, I've now disabled the
   "Failed password" line by default, and enabled the "Invalid user" line
   instead.
   Same change applied to built-in rules in blockhosts.py
   Thanks to Paul Eden <paul@benchline.org> for an email mentioning log
   behavior when PasswordAuthentication is "no", that led me to this
   simplifying of the blockhosts rules.

1.0.0, June 11, 2005: 

 * First official release.

 * Support for --discard=0, which will expire all counts/hosts, and start
   counting afresh from that point in time. Useful for the first run
   of this program, to start with a clean slate. Without this, it will
   take one cycle (default 12 hours) to get all really old IP addresses
   cleaned out.

 * Added --echo "tag" option, see example shown in the INSTALL file, for
   use in the hosts.allow file to pass client and server info to
   blockhosts.py. This echo tag can be used to identify particular
   execution of blockhosts.py - which client kicked it off, and name of
   the server daemon invoked.

 * Updated INSTALL with rpm install instructions.

0.9.0, May 30, 2005: 

 * Removed import of mx.Tools.NewBuiltins, use eval() for all .cfg file
   input, since eval() has to be used for atleast one of the lines anyway

 * Switched to using "ProFTPD" instead of "VsFTPD" as the default.
   Removed /var/log/vsftpd.log from default logfiles.
   Now only reads from /var/log/secure
   This is enough for sshd & proftpd
   [I could not get vstpd to work on Fedora FC3, ProFTPD worked, so
   switched to ProFTPD.]

 * Minor updates to --help output; added more info in INSTALL file

 * Added syslog() updates - only errors and final non-error message with
   updated counts is sent to syslog

 * Updated makefile to produce a "man page"

0.5.0, May 17, 2005: 
 * Important: by default, this program now uses /etc/hosts.allow as the
   hosts-block-file.
   hosts.deny is being deprecated on some platforms, additionally,
   this will make things simple since a single file - hosts.allow can be
   used to both allow or deny a host.

 * Important: argument name changed:
   new name: --blockfile <hosts-block-file-name> 
   is to be used instead of the old --denyfile
   The default value for this is "/etc/hosts.allow", so to get old
   behavior, use --blockfile=/etc/hosts.deny

 * To support above, the blockhosts.cfg option HOSTS_DENYFILE changed to
   HOSTS_BLOCKFILE

 * Added more documentation, INSTALL file has instructions and example
0.5.1, - bug fix:
 * 

0.4.0, May 15, 2005: 
 * Bug fixed, line 802, offset may be left uninitialized, so reading in
 new logfiles would fail

0.3.0, May 15, 2005: 
 * Many changes, some options also may have changed from 0.1.0
 * Uses a config file at /etc/blockhosts.cfg
 * added many more options, and --help
 * Coding flow modified, catching appropriate exceptions, more careful in
 * updating hosts.deny

0.1.0, May 8, 2005: initial release
