On Wed, Mar 18, 2015 at 1:11 AM, Lee Clemens <[email protected]> wrote: > On 03/16/2015 03:21 PM, Anthony Griffiths wrote: >> > If <asterisk-machine-ip> is your server and not the host fail2ban should > block, the regex seems incorrect and should be fixed. > > Instead, it seems the regex should check for the "hacking attempt detected" > message above, assuming 195.154.56.42 is the IP which should be blocked by > fail2ban.
lee thankyou for your response on this. You're right, the failregex was wrong (I feel a right numpty for that) and I've corrected it now so it matches up with the 'hacking attempt detected' line and it's working, fail2ban is banning hack attempts on asterisk. the 'fail2ban-regex' command also worked great in helping me debug the problem and get the right syntax for the hacking attempt line. Thanks again. ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
