  1. #1
    Join Date
    May 2011
    Posts
    81

    host.deny limitations

    I am doing a lot of blocking using host.deny file. Currently I have around 10,000 entries there.

    Server is Dual Quad Core i5 16gb ram on SSD drives. Load is still very low + server is 90-95% idle with 0 wait.

    Is there a limit to the amount of entries I can put there before server performance is affected?

  2. #2
    Join Date
    Sep 2008
    Location
    /dev/null
    Posts
    469
    The performance will be affected, but the effect will not be noticeable, so fewer blocked IPs, better performance. 10.000 entries is not a big problem; I blocked 22000 on a 1 GB of RAM VPS without any problem.
    As long as you are under 25000 blocked IPs you will be OK.
    Last edited by badboyx; 01-17-2014 at 05:47 AM.

  3. #3
    Join Date
    May 2011
    Posts
    81
    Quote Originally Posted by badboyx
    The performance will be affected, but the effect will not be noticeable, so fewer blocked IPs, better performance. 10.000 entries is not a big problem; I blocked 22000 on a 1 GB of RAM VPS without any problem.
    Thanks for sharing that. It's good to know. My mind is a little more at ease now.

  4. #4
    Join Date
    Sep 2007
    Location
    Vijayawada
    Posts
    190
    Why don't you rather use DenyHosts or fail2ban so that at least dynamic IPs get unblocked after a certain duration?

  5. #5
    Join Date
    May 2011
    Posts
    81
    Quote Originally Posted by tuxg
    Why don't you rather use DenyHosts or fail2ban so that at least dynamic IPs get unblocked after a certain duration?
    It's a good idea, but we already use ASL Firewall from gotroot.com and it's helpless because when there is a large attack trying to brute-force, say, WordPress, I would rather just put a permanent block on any IPs that are involved in hacking.

    The problem with temp bans: the hackers figure it out real and rotate the IPs, and when they have thousands of IPs at their disposal it's pretty hard work on processing.

    DenyHosts and Fail2ban are pretty nice options for general blocking though, however ASL takes care of that for us.
