https://bugs.contribs.org/show_bug.cgi?id=10749

Jean-Philippe Pialasse <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |IN_PROGRESS

--- Comment #6 from Jean-Philippe Pialasse <[email protected]> ---
(In reply to Catton from comment #5)
> Jean-Philippe,
>     December 2018, one of my sites was getting a brute-force attack and
> getting past fail2ban by using multiple ip addresses - mainly on port 465
> and from non-US countries. They compromised about 15 mail accounts and
> started sending out bad stuff. The Maxmind (Fragmented) Non-Us list was too
> big for iptables. So I used the old original world IP list excluding US.
> This did stop the attack but many US addresses were also excluded, so I
> started adding them in at the top like the 12. that are AT&T.
> The Geoip (Mail) Contrib blocks email but access to 465 or webmail.

You should be able to block that too with fail2ban; of course it needs some
manual configuration.
I was able to block a WordPress distributed DoS attack this way.

> I was really looking forward to a GeoIP solution for that.   
> If the limit gets set to 50 that would be a good start.
> I can then remove my 40DenyRiffRaff and test.
> Thanks all.

Here is a try:
/usr/bin/plague-client build xtables-addons xtables-addons-1_47_1-12_el6_sme contribs9
Package xtables-addons enqueued.  Job ID: 2098.

%changelog
* Wed Mar 06 2019 Jean-Philipe Pialasse <[email protected]> 1.47.1-12.sme
- set XT_GEOIP_MAX from 15 to 50 [SME: 10749]




/usr/bin/plague-client build xtables-addons-kmod xtables-addons-kmod-1_47_1-11_el6_sme contribs9
Package xtables-addons-kmod enqueued.  Job ID: 2097.

%changelog
* Wed Mar 06 2019 Jean-Philipe Pialasse <[email protected]> 1.47.1-11.sme
- set XT_GEOIP_MAX from 15 to 50 [SME: 10749]



Also the kmod (not sure if we need to update both; try to just update the
xtables-addons first and see if this changes).
