On a shared server, it is showing User unknown attempts for
some 15 to 30 domains in thousands like 5000 to 1 from
various IP source, which seems be using resources
unnecessarily.
Is there a way to configure assp to discard such attempts from any
ips (if possible for 24 hours), if it
Just set ValidateUserLog to nolog.
That would just avoid logging not solve the issue
on the other hand setting up ASSP to block those
IPs after they get in penalty extreme would help
sparing resources :)
--
GrayHat gray...@gmx.net schreibt:
That would just avoid logging not solve the issue
on the other hand setting up ASSP to block those
IPs after they get in penalty extreme would help
sparing resources :)
That solves the issue because it is just psychological.
I really doubt that blocking IPs in
On 2010-05-26 4:01 PM, Paul K. Dickson wrote:
That's a really bad idea. ASSP already does that in a sense but is smart
about it. Don't reinvent the wheel ;)
Actually fail2ban rocks, and blocks these kinds of things at the
firewall level, so is in that sense more secure.
And it is pretty
That solves the issue because it is just psychological.
Uh ?
I really doubt that blocking IPs in ASSP with penalty extreme
would spare resources compared to invalid user.
Yeah, sure, try getting some thousands attempts in a matter of
seconds (which means some millions connections
No sense in bogging down ASSP any more than
need be, especially on a busy server.
Sounds like Fritz doesn't agree; up to him, by the way, and
really no problem with that; yet I think that, if *properly* set
up, ASSP is perfectly able to deal with such an issue w/o
having to recur to stuff
GrayHat gray...@gmx.net schreibt:
Sounds like Fritz doesn't agree; up to him
I explained quite a different thing.
--
___
Assp-user mailing list
GrayHat gray...@gmx.net schreibt:
Yeah, sure, try getting some thousands attempts in a matter of
seconds (which means some millions connections attempts on
a typical day) and then come back and tell me that performing a
straight reject didn't spare resources
You block thousand attempts with one
Hi,
In http://www.fail2ban.org/wiki/index.php/ASSP,
For following log:
Example: Nov-14-09 00:14:50 54090-05322 201.244.255.72
bad...@gtgwhhrthrth.com [SMTP Error] 550 5.1.1 User unknown:
your.u...@your-domain.com
Assp fail regex is :
failregex = .*? \d{5}-\d{5} HOST .*? \[SMTP Error\] (.*)
: [Assp-user] ASSP fail2ban
Hi,
In http://www.fail2ban.org/wiki/index.php/ASSP,
For following log:
Example: Nov-14-09 00:14:50 54090-05322 201.244.255.72
bad...@gtgwhhrthrth.com [SMTP Error] 550 5.1.1 User unknown:
your.u...@your-domain.com
Assp fail regex is :
failregex
the wheel ;)
From: MadTh madan.feedb...@gmail.com
Reply-To: For Users of ASSP assp-user@lists.sourceforge.net
Date: Wed, 26 May 2010 21:48:54 +0200
To: assp-user@lists.sourceforge.net
Subject: [Assp-user] ASSP fail2ban
Hi,
In http://www.fail2ban.org/wiki/index.php/ASSP
11 matches
Mail list logo
