How do I see that an attack is blocked?

Hi,

First of all, thanks for the great software. I tried some other scripts before but nothing is as sophisticated as BlockHosts.

I have a rather general question and didn't find anything in the manpages:

What happens if a host is blocked by hosts.allow? Does that mean that the "attacker" can even enter valid user and pass and doesn't get in? Or isn't he supposed to get any prompt?

I discovered in my logfiles that some bot tried dozens of usernames to get in via SSH, his IP was blocked by BlockHosts but yet he continued trying. Is that correct? Or does something not work properly?

Cheers,
Ben

should be blocked completely

Once an IP address is in the /etc/hosts.allow file with the :deny flag, that IP address should not even be allowed to connect.

Therefore, there is probably some other rule before the :deny line that is letting that IP address into your system.
Or, the service you are trying to block is not using the TCP_WRAPPERS at all - the man page describes the requirements for blockhosts.
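
The first cause named in the reply above (an earlier rule letting the address in before its :deny line is reached) can be checked mechanically. The following is an added example, not part of the original post and not BlockHosts code: it evaluates a hosts.allow file with first-match-wins semantics and lists deny entries that never take effect. It assumes IPv4 only and a subset of hosts_access(5) patterns (ALL, literal address, trailing-dot prefix, net/mask, no EXCEPT); the sample file and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a leftover test rule sits above the deny entries.
SAMPLE_HOSTS_ALLOW = """\
# testing routine left in place
sshd : ALL : allow
ALL : 203.0.113.45 : deny
ALL : 198.51.100.7 : deny
sshd : 192.168.1. : allow
"""

def parse(raw):
    """Split one rule into (daemons, clients, options); None for comments/blanks."""
    fields = [f.strip() for f in raw.strip().split(":")]
    if raw.lstrip().startswith("#") or len(fields) < 2:
        return None
    return fields[0].replace(",", " ").split(), fields[1].replace(",", " ").split(), fields[2:]

def client_matches(pattern, ip):
    """Match one client pattern (IPv4 subset of hosts_access(5)) against ip."""
    if pattern.endswith("."):          # prefix form, e.g. "192.168.1."
        return ip.startswith(pattern)
    if "/" in pattern:                 # net/mask form
        try:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return pattern in ("ALL", ip)      # wildcard or literal address

def first_match(text, daemon, ip):
    """Return (line_no, verdict) of the first rule matching daemon and ip, else None."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        daemons, clients, options = parse(raw) or ([], [], [])
        if any(d in ("ALL", daemon) for d in daemons) and any(client_matches(c, ip) for c in clients):
            # A hosts.allow rule grants access unless it carries the "deny" option.
            return line_no, "deny" if "deny" in options else "allow"
    return None

def shadowed_denies(text, daemon):
    """Deny entries that an earlier allow rule overrides, as (ip, overriding_line)."""
    found = []
    for raw in text.splitlines():
        _, clients, options = parse(raw) or ([], [], [])
        for ip in (clients if "deny" in options else []):
            hit = first_match(text, daemon, ip)
            if hit and hit[1] == "allow":
                found.append((ip, hit[0]))
    return found
```

This covers rule order only; whether the daemon consults hosts.allow at all is the separate condition the reply mentions.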

my mistake

Thanks for your quick reply.

In fact, I am stupid. ;-) I still had the testing routine at the beginning of hosts.allow.

I guess it should work now...

Ben