Archiv

Artikel Tagged ‘Fail2ban’

13428

18. August 2013 3 Kommentare

13428 – das ist die Zahl der bisher versuchten Logins in dieses Blog – am heutigen Tag. Es war zeitweise so schlimm, dass ich den Webserver abschalten musste. Im Moment ist das halbe Internet gesperrt, den Rest erledigt WP fail2ban. Spaß macht das alles nicht.

Fail2ban and qpopper

21. März 2008 Kommentare ausgeschaltet

Most are using fail2ban to block ssh scans, but it can do a lot more for you. Due to it’s modular nature you can scan in almost every logfile for things you don’t like and block it.

If you look in /etc/fail2ban/filter.d/ you can see a lot of predefined filters for several mail or ftp servers. Mostly it tooks only one regular expression to block scans. Here for instance on qpopper pop3-servers:

/etc/fail2ban/filter.d/qpopper.conf

# Fail2Ban configuration file
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<host>" can
# be used for standard IP/hostname matching.
# Values: TEXT
#
failregex = \(<HOST>\):\ -ERR\ \[AUTH\]
#
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

/etc/fail2ban/jail.conf

[qpopper]
enabled = true
port = pop3
filter = qpopper
logpath = /var/log/mail.log

This works for Debian Etch. For OpenSuSE look here.

Tags: ,

Links for 2007-06-07

7. Juni 2007 Kommentare ausgeschaltet