Re: fail2ban: default 5 attemps == 1 SSH client connection?

Steffen Dettmer wrote: > I encountered multiple times that debian based containers use fail2ban by > default with a max attempt value of 5, even for SSH logins using strong > asymmetric keys. There is no "debian based container" standard. Talk to whoever built your container. (Why isn't it you?)

Re: fail2ban Squawk

Martin McCormick wrote: > I was attempting to setup a systemd timer and checking the syntax of > that when I ran across a complaint from the fail2ban program which is > a bit confusing. It reads: > /lib/systemd/system/fail2ban.service:12: PIDFile= references path below > legacy directory /var/

Re: fail2ban Squawk

Martin McCormick writes: /lib/systemd/system/fail2ban.service:12: PIDFile= references path below legacy directory /var/run/, updating /var/run/fail2ban/fail2ban.pid → /run/fail2ban/fail2ban.pid; please update the unit file accordingly. So I looked in to that file and the actual line

Re: fail2ban for apache2

Gene Heskett wrote: > It, iptables, did not get restarted on the fresh boot, so obviously the > systemd manager hasn't been informed to start iptables, reloading > from /etc/iptables/saved-rules. You would not be having these problems were you using Shorewall... -- John Hasler jhas...@newsguy

Re: fail2ban for apache2

On Du, 01 dec 19, 22:28:43, Gene Heskett wrote: > > It, iptables, did not get restarted on the fresh boot, so obviously the > systemd manager hasn't been informed to start iptables, reloading > from /etc/iptables/saved-rules. To my knowledge Debian doesn't include anything like this by defau

Re: fail2ban for apache2

On Tuesday 12 November 2019 21:35:49 Gene Heskett wrote: > On Tuesday 12 November 2019 19:53:15 John Hasler wrote: > > I wrote: > > > Install Shorewall. > > > > Gene writes: > > > Did, spent half an hour reading its man page, but I don't see a > > > command that will extract and save an existing i

Re: fail2ban for apache2

On Tuesday 12 November 2019 20:03:12 ghe wrote: > On 11/12/19 5:46 PM, Gene Heskett wrote: > > Oh goody and I get to name & pick the file and its location. Now, > > wheres a good place to put the restore in the reboot path? > > How about /etc? Or /etc/init.d? That's where mine is... I've already

Re: fail2ban for apache2

On Tuesday 12 November 2019 19:53:15 John Hasler wrote: > I wrote: > > Install Shorewall. > > Gene writes: > > Did, spent half an hour reading its man page, but I don't see a > > command that will extract and save an existing iptables setup, and a > > later reapply of that saved data. > > I meant

Re: fail2ban for apache2

On 11/12/19 5:46 PM, Gene Heskett wrote: > Oh goody and I get to name & pick the file and its location. Now, wheres > a good place to put the restore in the reboot path? How about /etc? Or /etc/init.d? That's where mine is... -- Glenn English

Re: fail2ban for apache2

I wrote: > Install Shorewall. Gene writes: > Did, spent half an hour reading its man page, but I don't see a > command that will extract and save an existing iptables setup, and a > later reapply of that saved data. I meant use it instead of using Iptables directly: the package takes care of rest

Re: fail2ban for apache2

On Tuesday 12 November 2019 16:04:07 to...@tuxteam.de wrote: > On Tue, Nov 12, 2019 at 12:40:45PM -0500, Gene Heskett wrote: > > [...] > > > So I have to find all that in the history and re-invent > > a 33 line filter DROP. I'll be baqck when I've stuck a hot tater in > > semrushes exit port. > >

Re: fail2ban for apache2

On Tuesday 12 November 2019 14:28:38 John Hasler wrote: > Gene writes: > > So I had been adding iptables rules but had to reboot this morning > > to get a baseline cups start, only to find my iptables rules were > > all gone and the bots are DDOSing me again. > > Install Shorewall. Did, spent hal

Re: fail2ban for apache2

On Tuesday 12 November 2019 13:30:24 ghe wrote: > Gene wrote > > > So I had been adding iptables rules but had to reboot this > > morning to get a baseline cups start, only to find my iptables rules > > were all gone and the bots are DDOSing me again. Grrr > > 0) Can you block them with an ACL

Re: fail2ban for apache2

On Tue, Nov 12, 2019 at 12:40:45PM -0500, Gene Heskett wrote: [...] > So I have to find all that in the history and re-invent > a 33 line filter DROP. I'll be baqck when I've stuck a hot tater in > semrushes exit port. See iptables-save (will dump the currently active iptables to a file) and ip

Re: fail2ban for apache2

Gene writes: > So I had been adding iptables rules but had to reboot this morning to > get a baseline cups start, only to find my iptables rules were all > gone and the bots are DDOSing me again. Install Shorewall. -- John Hasler jhas...@newsguy.com Elmwood, WI USA

Re: fail2ban for apache2

Gene wrote > So I had been adding iptables rules but had to reboot this > morning to get a baseline cups start, only to find my iptables rules > were all gone and the bots are DDOSing me again. Grrr 0) Can you block them with an ACL in your router/firewall? And wr mem so the ACL will be the

Re: fail2ban for apache2

On Tuesday 12 November 2019 11:01:08 Lee wrote: > On 11/11/19, Gene Heskett wrote: > > On Monday 11 November 2019 08:33:13 Greg Wooledge wrote: > > ... snip ... > > >> I *know* I told you to look at your log files, and to turn on > >> user-agent logging if necessary. > >> > >> I don't remember

Re: fail2ban for apache2

On 11/11/19, Gene Heskett wrote: > On Monday 11 November 2019 08:33:13 Greg Wooledge wrote: ... snip ... >> I *know* I told you to look at your log files, and to turn on >> user-agent logging if necessary. >> >> I don't remember seeing you ever *post* your log files here, not even >> a single li

Re: fail2ban for apache2

On 11/11/19, Greg Wooledge wrote: > On Mon, Nov 11, 2019 at 12:18:17PM -0500, Gene Heskett wrote: >> >> HTTP/1.1" 200 554724 "-" "Mozilla/5.0 (compatible; Daum/4.1; >> +http://cs.daum.net/faq/15/4118.html?faqId=28966)" >> coyote.coyote.den:80 203.133.169.54 - - >> [11/Nov/2019:12:11:29 -0500] "GET

Re: fail2ban for apache2

Sorry Gene. Hit reply instead of reply list. On 11/11/19 12:18 PM, Gene Heskett wrote: On Monday 11 November 2019 08:33:13 Greg Wooledge wrote: I have a list of ipv4's I want fail2ban to block. Not sure that fail2ban is the best tool for the job. Where you already have a list of IPs that you

Re: fail2ban for apache2

On Monday 11 November 2019 12:38:09 Greg Wooledge wrote: > On Mon, Nov 11, 2019 at 12:18:17PM -0500, Gene Heskett wrote: > > Only one log file seems to have useful data, the "other..." file, > > and I have posted several single lines here, but here's a few more: > > > > coyote.coyote.den:80 40.94

Re: fail2ban for apache2

On Mon, Nov 11, 2019 at 12:18:17PM -0500, Gene Heskett wrote: > Only one log file seems to have useful data, the "other..." file, and I > have posted several single lines here, but here's a few more: > > coyote.coyote.den:80 40.94.105.9 - - > [11/Nov/2019:12:08:53 -0500] "GET /gene/ HTTP/1.1" 2

Re: fail2ban for apache2

On Monday 11 November 2019 08:33:13 Greg Wooledge wrote: > > > > I have a list of ipv4's I want fail2ban to block. > > > > > > Not sure that fail2ban is the best tool for the job. Where you > > > already have a list of IPs that you want to block why not just > > > directly create the iptables rule

Re: fail2ban for apache2

On Mon, Nov 11, 2019 at 02:52:36PM +0100, to...@tuxteam.de wrote: > On Mon, Nov 11, 2019 at 08:33:13AM -0500, Greg Wooledge wrote: > > > > > I have a list of ipv4's I want fail2ban to block. > > [...] > > > I don't remember seeing you ever *post* your log files here, not even > > a single line fr

Re: fail2ban for apache2

On Mon, Nov 11, 2019 at 08:33:13AM -0500, Greg Wooledge wrote: > > > > I have a list of ipv4's I want fail2ban to block. [...] > I don't remember seeing you ever *post* your log files here, not even > a single line from a single instance of this bot. Maybe I missed it. We had one sample in this

Re: fail2ban for apache2

> > > I have a list of ipv4's I want fail2ban to block. > > > > Not sure that fail2ban is the best tool for the job. Where you already > > have a list of IPs that you want to block why not just directly create > > the iptables rules? > > just did that, got most of them but semrush apparently has f

Re: fail2ban for apache2

On Sun, Nov 10, 2019 at 06:07:37PM -0500, Gene Heskett wrote: > On Sunday 10 November 2019 16:07:22 to...@tuxteam.de wrote: > > > On Sun, Nov 10, 2019 at 10:55:03AM -0500, Gene Heskett wrote: > > > On Sunday 10 November 2019 08:02:46 Michael wrote: > > > > > > Which contains such gems as this: > >

Re: fail2ban for apache2

On Monday, November 11, 2019 12:07:37 AM CET, Gene Heskett wrote: On Sunday 10 November 2019 16:07:22 to...@tuxteam.de wrote: On Sun, Nov 10, 2019 at 10:55:03AM -0500, Gene Heskett wrote: ... I don't see an obvious field delimiter in this. Tomas. Is it definable? like thomas told you earlier

Re: fail2ban for apache2

On Sun, 2019-11-10 at 19:37 +, Brian wrote: > On Sun 10 Nov 2019 at 10:26:17 -0800, Kushal Kumaran wrote: > [...] > > One thing you could try is to examine the iptables rule counters > > daily/weekly. If the counters do not increase during some > > interval, > > then the rule is no longer usef

Re: fail2ban for apache2

On Sunday 10 November 2019 18:07:37 Gene Heskett wrote: > On Sunday 10 November 2019 16:07:22 to...@tuxteam.de wrote: > > On Sun, Nov 10, 2019 at 10:55:03AM -0500, Gene Heskett wrote: > > > On Sunday 10 November 2019 08:02:46 Michael wrote: > > > > > > Which contains such gems as this: > > > coyot

Re: fail2ban for apache2

On Sunday 10 November 2019 16:07:22 to...@tuxteam.de wrote: > On Sun, Nov 10, 2019 at 10:55:03AM -0500, Gene Heskett wrote: > > On Sunday 10 November 2019 08:02:46 Michael wrote: > > > > Which contains such gems as this: > > coyote.coyote.den:80 40.77.167.79 - - > > [10/Nov/2019:10:44:45 -0500] "G

Re: fail2ban for apache2

On Sunday 10 November 2019 14:37:58 Brian wrote: > On Sun 10 Nov 2019 at 10:26:17 -0800, Kushal Kumaran wrote: > > Brian writes: > > > On Sun 10 Nov 2019 at 11:01:07 +0100, Michael wrote: > > >> On Saturday, November 9, 2019 7:01:00 PM CET, Gene Heskett wrote: > > >> > I was able, with the help o

Re: fail2ban for apache2

On Sun, Nov 10, 2019 at 10:55:03AM -0500, Gene Heskett wrote: > On Sunday 10 November 2019 08:02:46 Michael wrote: > Which contains such gems as this: > coyote.coyote.den:80 40.77.167.79 - - > [10/Nov/2019:10:44:45 -0500] "GET /gene/fence/18.html HTTP/1.1" 200 > 1121 "-" "Mozilla/5.0 (iPhone; CP

Re: fail2ban for apache2

On Sun 10 Nov 2019 at 10:26:17 -0800, Kushal Kumaran wrote: > Brian writes: > > > On Sun 10 Nov 2019 at 11:01:07 +0100, Michael wrote: > > > >> On Saturday, November 9, 2019 7:01:00 PM CET, Gene Heskett wrote: > >> > >> > I was able, with the help of another responder to carve up some iptables

Re: fail2ban for apache2

On 11/10/19 8:55 AM, Gene Heskett wrote: > Thats an approximate idea of my understanding how it works, but to > gradually transit from manual reading of the logs and applying iptable > rules to block the miscreants, the first step would seem to indicate > training fail2ban to read the same log

Re: fail2ban for apache2

Brian writes: > On Sun 10 Nov 2019 at 11:01:07 +0100, Michael wrote: > >> On Saturday, November 9, 2019 7:01:00 PM CET, Gene Heskett wrote: >> >> > I was able, with the help of another responder to carve up some iptables >> > rules to stop the DDOS that semrush, yandex, bingbot, and 2 or 3 other

Re: fail2ban for apache2

On Sunday 10 November 2019 08:02:46 Michael wrote: > On Sunday, November 10, 2019 1:39:24 PM CET, to...@tuxteam.de wrote: > > On Sun, Nov 10, 2019 at 07:04:12AM -0500, Gene Heskett wrote: > >> On Sunday 10 November 2019 06:19:51 to...@tuxteam.de wrote: > >>> On Sun, Nov 10, 2019 at 06:08:52AM -050

Re: fail2ban for apache2

On Sunday, November 10, 2019 1:39:24 PM CET, to...@tuxteam.de wrote: On Sun, Nov 10, 2019 at 07:04:12AM -0500, Gene Heskett wrote: On Sunday 10 November 2019 06:19:51 to...@tuxteam.de wrote: On Sun, Nov 10, 2019 at 06:08:52AM -0500, Gene Heskett wrote: But... you can just configure your Apac

Re: fail2ban for apache2

On Sun 10 Nov 2019 at 11:01:07 +0100, Michael wrote: > On Saturday, November 9, 2019 7:01:00 PM CET, Gene Heskett wrote: > > > I was able, with the help of another responder to carve up some iptables > > rules to stop the DDOS that semrush, yandex, bingbot, and 2 or 3 others > > were bound to do

Re: fail2ban for apache2

On Sun, Nov 10, 2019 at 07:04:12AM -0500, Gene Heskett wrote: > On Sunday 10 November 2019 06:19:51 to...@tuxteam.de wrote: > > > On Sun, Nov 10, 2019 at 06:08:52AM -0500, Gene Heskett wrote: [...] > > - assess client behaviour [...] > Humm. That would take a user-agent trigger [...] Bingo.

Re: fail2ban for apache2

On Sunday 10 November 2019 06:19:51 to...@tuxteam.de wrote: > On Sun, Nov 10, 2019 at 06:08:52AM -0500, Gene Heskett wrote: > > [...] > > > But, I'm getting the impression that it has to fail before fail2ban > > kicks in [...] > > No. It has to "succeed" once before fail2ban can do its job. It is:

Re: fail2ban for apache2

On Sun, Nov 10, 2019 at 06:08:52AM -0500, Gene Heskett wrote: [...] > But, I'm getting the impression that it has to fail before fail2ban kicks > in [...] No. It has to "succeed" once before fail2ban can do its job. It is: - assess client behaviour - http server writes a log entry (or a set

Re: fail2ban for apache2

On Sunday 10 November 2019 05:01:07 Michael wrote: > On Saturday, November 9, 2019 7:01:00 PM CET, Gene Heskett wrote: > > Whats this "jail"? The beginners tut seems to assume we've all had > > cs101 thru cs401 and Just Know all the secret handshakes bs already. > > no idea what you're talking abo

Re: fail2ban for apache2

On Saturday, November 9, 2019 7:01:00 PM CET, Gene Heskett wrote: Whats this "jail"? The beginners tut seems to assume we've all had cs101 thru cs401 and Just Know all the secret handshakes bs already. no idea what you're talking about... i almost never read any tutorial, just man pages. that'

Re: fail2ban for apache2

On Saturday 09 November 2019 15:07:51 mick crane wrote: > On 2019-11-09 18:01, Gene Heskett wrote: > > On Saturday 09 November 2019 08:59:14 Michael wrote: > >> > Rather then to use fail2ban for this, I would create un ipset > >> > that fail2ban can populate then use that ipset in iptables. > >> >

Re: fail2ban for apache2

On Sat 09 Nov 2019 at 20:07:51 +, mick crane wrote: > I like Gene, he is trying to make something work. The "something" is what is at issue. > When all this stuff started there seemed to be some sort of logic to it and > I can't say I understood much of it but the thing seems to be now that

Re: fail2ban for apache2

On 2019-11-09 18:01, Gene Heskett wrote: On Saturday 09 November 2019 08:59:14 Michael wrote: > Rather then to use fail2ban for this, I would create un ipset that > fail2ban can populate then use that ipset in iptables. i agree, but: > One advantage of this is that you can add/delete ip from t

Re: fail2ban for apache2

Hello, On Sat, Nov 09, 2019 at 01:34:11PM -0500, Gene Heskett wrote: > On Saturday 09 November 2019 10:10:53 Andy Smith wrote: > > You've repeatedly been advised to block these bots in Apache by > > their UserAgent. Have you tried that yet? It would be a lot simpler > > than fail2ban or trying to

Re: fail2ban for apache2

On Saturday 09 November 2019 10:37:09 john doe wrote: > On 11/9/2019 2:43 PM, Gene Heskett wrote: > > On Saturday 09 November 2019 03:36:49 john doe wrote: > >> On 11/9/2019 8:30 AM, Gene Heskett wrote: > >>> I have a list of ipv4's I want fail2ban to block. But amongst the > >>> numerous subdirs

Re: fail2ban for apache2

On Saturday 09 November 2019 10:10:53 Andy Smith wrote: > Hello, > > On Sat, Nov 09, 2019 at 08:43:25AM -0500, Gene Heskett wrote: > > I've done that with the help of a previous responder and now have > > 99% of the pigs that ignore my robots.txt blocked. semrush is > > extremely determined and ha

Re: fail2ban for apache2

On Saturday 09 November 2019 08:59:14 Michael wrote: > > Rather then to use fail2ban for this, I would create un ipset that > > fail2ban can populate then use that ipset in iptables. > > i agree, but: > > One advantage of this is that you can add/delete ip from the ipset > > without having to rest

Re: fail2ban for apache2

On 2019-11-09, john doe wrote: > > Note that using IPs directly is an red herring; you need to use other > means (UserAgent ...) to identify those bots. Over at semrush they advise the following (with robots.txt in the top directory of the server): To stop SEMrushBot from crawling your site, ad

Re: fail2ban for apache2

On 11/9/2019 2:43 PM, Gene Heskett wrote: > On Saturday 09 November 2019 03:36:49 john doe wrote: > >> On 11/9/2019 8:30 AM, Gene Heskett wrote: >>> I have a list of ipv4's I want fail2ban to block. But amongst the >>> numerous subdirs for fail2ban, I cannot find one that looks suitable >>> to put

Re: fail2ban for apache2

Hello, On Sat, Nov 09, 2019 at 08:43:25AM -0500, Gene Heskett wrote: > I've done that with the help of a previous responder and now have 99% of > the pigs that ignore my robots.txt blocked. semrush is extremely > determined and has switched to a 4th address I've not seen before, but > is no lon

Re: fail2ban for apache2

Rather then to use fail2ban for this, I would create un ipset that fail2ban can populate then use that ipset in iptables. i agree, but: One advantage of this is that you can add/delete ip from the ipset without having to restart fail2ban/iptables. RTFM fail2ban allows you to 'unban' an ip a

Re: fail2ban for apache2

On Saturday 09 November 2019 04:01:32 to...@tuxteam.de wrote: > On Sat, Nov 09, 2019 at 03:36:49AM -0500, Gene Heskett wrote: > > On Saturday 09 November 2019 02:49:16 mett wrote: > > > On 2019年11月9日 16:30:57 JST, Gene Heskett wrote: > > > >I have a list of ipv4's I want fail2ban to block. But a

Re: fail2ban for apache2

On Saturday 09 November 2019 03:36:49 john doe wrote: > On 11/9/2019 8:30 AM, Gene Heskett wrote: > > I have a list of ipv4's I want fail2ban to block. But amongst the > > numerous subdirs for fail2ban, I cannot find one that looks suitable > > to put this list of addresses in so the are blocked f

Re: fail2ban for apache2

On Sat, Nov 09, 2019 at 03:36:49AM -0500, Gene Heskett wrote: > On Saturday 09 November 2019 02:49:16 mett wrote: > > > On 2019年11月9日 16:30:57 JST, Gene Heskett wrote: > > >I have a list of ipv4's I want fail2ban to block. But amongst the > > >numerous subdirs for fail2ban, I cannot find one that

Re: fail2ban for apache2

On 11/9/2019 8:30 AM, Gene Heskett wrote: > I have a list of ipv4's I want fail2ban to block. But amongst the > numerous subdirs for fail2ban, I cannot find one that looks suitable to > put this list of addresses in so the are blocked forever. Can someone > more familiar with how fail2ban works gi

Re: fail2ban for apache2

On Saturday 09 November 2019 02:55:45 darb wrote: > * Gene Heskett wrote: > > I have a list of ipv4's I want fail2ban to block. But amongst the > > numerous subdirs for fail2ban, I cannot find one that looks suitable > > to put this list of addresses in so the are blocked forever. Can > > someone

Re: fail2ban for apache2

On Saturday 09 November 2019 02:49:16 mett wrote: > On 2019年11月9日 16:30:57 JST, Gene Heskett wrote: > >I have a list of ipv4's I want fail2ban to block. But amongst the > >numerous subdirs for fail2ban, I cannot find one that looks suitable > > to > > > >put this list of addresses in so the are b

Re: fail2ban for apache2

On 2019年11月9日 16:30:57 JST, Gene Heskett wrote: >I have a list of ipv4's I want fail2ban to block. But amongst the >numerous subdirs for fail2ban, I cannot find one that looks suitable to > >put this list of addresses in so the are blocked forever. Can someone >more familiar with how fail2ban w

Re: fail2ban for apache2

* Gene Heskett wrote: > I have a list of ipv4's I want fail2ban to block. But amongst the > numerous subdirs for fail2ban, I cannot find one that looks suitable to > put this list of addresses in so the are blocked forever. Can someone > more familiar with how fail2ban works give me a hand? Th

Re: Fail2Ban Question: Can I do this without restarting the service?

On Sat 18 Aug 2018 at 17:55:50 +0200, john doe wrote: > On 8/17/2018 7:35 PM, Brian wrote: > > On Fri 17 Aug 2018 at 19:16:07 +0200, john doe wrote: > > > > > Also, a server without firewall capibility should never be facing > > > internet. > > > > Why? "never" seems a little strong. Mine does;

Re: Fail2Ban Question: Can I do this without restarting the service?

Hi. On Sat, Aug 18, 2018 at 05:55:50PM +0200, john doe wrote: > On 8/17/2018 7:35 PM, Brian wrote: > > On Fri 17 Aug 2018 at 19:16:07 +0200, john doe wrote: > > > > > Also, a server without firewall capibility should never be facing > > > internet. > > > > Why? "never" seems a little st

Re: Fail2Ban Question: Can I do this without restarting the service?

On 8/17/2018 7:35 PM, Brian wrote: On Fri 17 Aug 2018 at 19:16:07 +0200, john doe wrote: Also, a server without firewall capibility should never be facing internet. Why? "never" seems a little strong. Mine does; what's the problem? Given the fact that the OP want's to use fail2ban and has

Re: Fail2Ban Question: Can I do this without restarting the service?

On Fri, Aug 17, 2018 at 05:28:50PM -0400, cyaiplexys wrote: > While I don't travel, the co-admin travels a LOT and doesn't always stay at > hotels. Sometimes they are on the road, getting wifi other places, etc. So > again, probably not possible to even get a good range. Yes, agreed, you probably

Re: Fail2Ban Question: Can I do this without restarting the service?

On 08/17/2018 04:58 PM, Dave Sherohman wrote: [Snipped some useful info] I *never ever* use port 22 for ssh. I pick some random port that I know isn't going to be used for anything else on the server and set ssh to use that port instead. How do I set ufw to use the ssh port of my choosing? In

Re: Fail2Ban Question: Can I do this without restarting the service?

On Fri, Aug 17, 2018 at 12:50:16PM -0400, cyaiplexys wrote: > If I'm following you so far, ufw is a firewall like iptables? Or a > replacement for iptables? ufw is a more user-friendly front end for managing iptables rules. Under the hood, it's still iptables doing the actual firewalling. (After u

Re: Fail2Ban Question: Can I do this without restarting the service?

On 08/17/2018 01:59 PM, Brian wrote: On Fri 17 Aug 2018 at 13:56:03 -0400, cyaiplexys wrote: So do I have to sudo apt-get iptables or is that already installed? dpkg -l iptables Looks like it's in there: $ dpkg -l iptables Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-f

Re: Fail2Ban Question: Can I do this without restarting the service?

On Fri 17 Aug 2018 at 12:50:16 -0400, cyaiplexys wrote: > I *never ever* use port 22 for ssh. I pick some random port that I know > isn't going to be used for anything else on the server and set ssh to use > that port instead. How do I set ufw to use the ssh port of my choosing? Not a bad tactic;

Re: Fail2Ban Question: Can I do this without restarting the service?

On Fri 17 Aug 2018 at 13:56:03 -0400, cyaiplexys wrote: > So do I have to sudo apt-get iptables or is that already installed? dpkg -l iptables -- Brian.

Re: Fail2Ban Question: Can I do this without restarting the service?

On 08/17/2018 01:16 PM, john doe wrote: On 8/17/2018 6:50 PM, cyaiplexys wrote: On 08/17/2018 10:55 AM, Dave Sherohman wrote: On Thu, Aug 16, 2018 at 02:07:02PM -0400, cyaiplexys wrote: See, that all is way over my head. I don't understand this stuff as I'm pretty much a total beginner in this

Re: Fail2Ban Question: Can I do this without restarting the service?

On Fri 17 Aug 2018 at 19:16:07 +0200, john doe wrote: > Also, a server without firewall capibility should never be facing internet. Why? "never" seems a little strong. Mine does; what's the problem? -- Brian.

Re: Fail2Ban Question: Can I do this without restarting the service?

On 8/17/2018 6:50 PM, cyaiplexys wrote: On 08/17/2018 10:55 AM, Dave Sherohman wrote: On Thu, Aug 16, 2018 at 02:07:02PM -0400, cyaiplexys wrote: See, that all is way over my head. I don't understand this stuff as I'm pretty much a total beginner in this. OK, fair enough.  Let's see what help

Re: Fail2Ban Question: Can I do this without restarting the service?

On 08/17/2018 10:55 AM, Dave Sherohman wrote: On Thu, Aug 16, 2018 at 02:07:02PM -0400, cyaiplexys wrote: See, that all is way over my head. I don't understand this stuff as I'm pretty much a total beginner in this. OK, fair enough. Let's see what help I can offer. Greatly appreciated. :)

Re: Fail2Ban Question: Can I do this without restarting the service?

On Thu, Aug 16, 2018 at 02:07:02PM -0400, cyaiplexys wrote: > See, that all is way over my head. I don't understand this stuff as I'm > pretty much a total beginner in this. OK, fair enough. Let's see what help I can offer. > Does Debian and Debian based systems have the firewall installed and >

Re: Fail2Ban Question: Can I do this without restarting the service?

On Thu 16 Aug 2018 at 14:07:02 -0400, cyaiplexys wrote: > On 08/16/2018 01:00 PM, Dave Sherohman wrote: > > On Wed, Aug 15, 2018 at 09:29:58PM -0400, cyaiplexys wrote: > > > Is there a better way to do this? I have a cron job that gathers IP > > > addresses that get more than 1,000 hits from the a

Re: Fail2Ban Question: Can I do this without restarting the service?

On 08/16/2018 01:00 PM, Dave Sherohman wrote: On Wed, Aug 15, 2018 at 09:29:58PM -0400, cyaiplexys wrote: Is there a better way to do this? I have a cron job that gathers IP addresses that get more than 1,000 hits from the apache log file and that gets put in the ip.blacklist.perm file. If (as

Re: Fail2Ban Question: Can I do this without restarting the service?

On Wed, Aug 15, 2018 at 09:29:58PM -0400, cyaiplexys wrote: > Is there a better way to do this? I have a cron job that gathers IP > addresses that get more than 1,000 hits from the apache log file and that > gets put in the ip.blacklist.perm file. If (as the filename implies) you want to block the

Re: Fail2Ban Question: Can I do this without restarting the service?

On 08/16/2018 09:52 AM, john doe wrote: On 8/16/2018 1:45 PM, cyaiplexys wrote: On 08/16/2018 02:36 AM, john doe wrote: On 8/16/2018 3:29 AM, cyaiplexys wrote: I have a list of IP addresses I want to ban and I put them in /etc/fail2ban/action.d/iptables-multiport.conf as so: cat /etc/fail2ba

Re: Fail2Ban Question: Can I do this without restarting the service?

On 8/16/2018 1:45 PM, cyaiplexys wrote: On 08/16/2018 02:36 AM, john doe wrote: On 8/16/2018 3:29 AM, cyaiplexys wrote: I have a list of IP addresses I want to ban and I put them in /etc/fail2ban/action.d/iptables-multiport.conf as so: cat /etc/fail2ban/ip.blacklist.perm | while read IP; do i

Re: Fail2Ban Question: Can I do this without restarting the service?

On 08/16/2018 02:36 AM, john doe wrote: On 8/16/2018 3:29 AM, cyaiplexys wrote: I have a list of IP addresses I want to ban and I put them in /etc/fail2ban/action.d/iptables-multiport.conf as so: cat /etc/fail2ban/ip.blacklist.perm | while read IP; do iptables -I fail2ban- 1 -s $IP -j DROP; d

Re: Fail2Ban Question: Can I do this without restarting the service?

On 8/16/2018 3:29 AM, cyaiplexys wrote: I have a list of IP addresses I want to ban and I put them in /etc/fail2ban/action.d/iptables-multiport.conf as so: cat /etc/fail2ban/ip.blacklist.perm | while read IP; do iptables -I fail2ban- 1 -s $IP -j DROP; done (that was supposed to be all on one

Re: fail2ban with nftables

On 29/06/17 00:13, Denis Polom wrote: On Debian 9 with latest updates, fail2ban not creating rules when used with nftables: 2017-06-29 01:06:14,217 fail2ban.action [2593]: ERROR nft add set inet filter f2b-sshd \{ type ipv4_addr\; \} nft insert rule inet filter INPUT tcp dport \{ ssh

Re: Fail2ban

2015-09-13 17:08 keltezéssel, Gokan Atmaca írta: > I'm using the Fail2ban. I configuration below. I want to try to > prevent the continuous password. Fail2ban password that does not > prevent this form. > > What could be the problem ? > Is asterisk enabled in jail.conf? for example: [asterisk

Re: fail2ban fails to ban apache...

On 22/12/13 04:01, François Patte wrote: > Bonjour, > > I try to configure fail2ban in order to ban IP which try to connect to > directories protected by .htaccess. Surely you mean "try to configure fail2ban in order to ban IP addresses which repeatedly *fail* to login to a apache protected direc

Re: fail2ban fails to ban apache...

"François Patte" wrote: >Bonjour, > >I try to configure fail2ban in order to ban IP which try to connect to >directories protected by .htaccess. > >Here is my [apache] section in jail.conf: > >enabled = true >port = http,https >filter = apache-auth >logpath = /var/log/apache*/*error.log

Re: fail2ban fails to ban apache...

Sorry, I meant this to go to the list... On 12/21/2013 12:01 PM, François Patte wrote: Bonjour, I try to configure fail2ban in order to ban IP which try to connect to directories protected by .htaccess. Here is my [apache] section in jail.conf: enabled = true port = http,https filter =

Re: Fail2ban and IPV6

Robin Kipp wrote at 2013-09-14 16:08 -0500: > Any workaround for this, or is there a better alternative to Fail2ban? It seems that fail2ban still does not support ipv6. Perhaps it would wor

Re: fail2ban problem

On 1/6/2013 5:23 AM, Chris Davies wrote: Jerry Stuckle wrote: I decided to try a fail2ban rule, but I can't get it to work. failregex = .*"GET|POST|HEAD /.*phpMy.* HTTPS?/.*" 404 [0-9]{1,6} This should match something like: 10.0.0.1 - - [31/Dec/2012:11:40:02 -0500] "GET /phpBB2/ HTTP/1.1"

Re: fail2ban problem

Jerry Stuckle wrote: > I decided to try a fail2ban rule, but I can't get it to work. > failregex = .*"GET|POST|HEAD /.*phpMy.* HTTPS?/.*" 404 [0-9]{1,6} > This should match something like: > 10.0.0.1 - - [31/Dec/2012:11:40:02 -0500] "GET /phpBB2/ HTTP/1.1" 404 3308 > However, it also seems to

Re: fail2ban doesn't block (ssh)

Hi Claudius, I got it working, now. The problem was that tzdata was set to the correct zone after the first setup and rsyslog wasn't restarted since then. So in the auth.log every log entry was 2 hours old. Thanks for your help. Best regards Denis -- To UNSUBSCRIBE, email to debian-user-re

Re: fail2ban doesn't block (ssh)

Hello Denis, Denis Witt wrote: > [fail2ban not banning] Is there any information in the fail2ban logfile, for example a line like: 2012-05-08 00:46:23,587 fail2ban.actions: WARNING [sasl] Ban 134.255.242.165 (though with ssh instead of sasl)? Is there any difference in the SSH configuration o

Re: Fail2Ban and custom rules - regex inconsistency?

Avi Greenbury wrote: Hi all, I have a log file to parse with Fail2Ban. It contains lines of the form: 2010/12/14 15:12:31 - 80.87.131.48 I've concocted a simple regexp for Fail2Ban: # fail2ban-regex '2010/12/14 15:12:31 - 80.87.131.48' ' - $' Success, the following data were found:

Re: Fail2Ban and custom rules - regex inconsistency?

On Mon, 20 Dec 2010 14:40:13 +, Avi Greenbury wrote: (...) > So I've created a /etc/fail2ban/filter.d/adminpages.conf which contains: > > [Definition] > #_daemon = apache > > # Option: failregex > # Notes.:Regex to match Gary's logging script. # Values: TEXT > > failregex =" - $"

Re: fail2ban block my internet connection

On Mon, Jun 22, 2009 at 03:13:28PM +, rabie chami wrote: > salvation to everyone I have a problem when I run fail2ban everything > works except I have a problem on the internet connection because I > have no connection, I think the problem is when fail2ban block ip > addresses they do on my ro

Re: Fail2ban application

On 06/24/2007 03:54 PM, David Baron wrote: > I get sporadic and not uncommon failures to authenticate sending email using > exim4 smarthosting to my provider. Is there a way to get fail2ban to give me > immediate notification when this occurs? > > Such occurances get to /var/log/auth and other l

Re: Fail2ban application

On Sun, Jun 24, 2007 at 10:54:49PM +0300, David Baron wrote: > I get sporadic and not uncommon failures to authenticate sending email using > exim4 smarthosting to my provider. Is there a way to get fail2ban to give me > immediate notification when this occurs? fail2ban is designed to ban ip add

Re: fail2ban on sarge. (Solved)

Ralph Katz wrote: On 11/10/2005 02:30 PM, Ralph Crongeyer wrote: Hi all, I've installed fail2ban from unstable on my sarge box. Is any one using it on sarge? If so I could yse your help. It seems as though it's not working. I'm still getting alot of failed login attempts over SSH and never ge

  1   2   >