Hi Yehuda
Apologies for the late comeback on this but I have tried various things
over this past few days and nothing is working for me. Simply nothing is
getting reported to blocklist.de
First of all I have an issue where they comment
*Create a file jail.d/blocklist_de.local containing*
*# [Init]*
*# blocklist_de_apikey = {api key from registration]*
So I have created that include file in that location exactly as per their
specs but fail2ban fails to see it whilst loading and fails.
So I went a step further and put this entry rather in my jail.local file
which is now picked up during loading as it finds the blocklist_de_apikey
string and happily loads fail2ban.
I have my jails configured like this (below), but whilst I get the email
notification with whois lines from the first action, and badips.com gets
the notification from the third action listed, the middle
action %(action_blocklist_de)s is not working.
*[ssh]*
*enabled = true*
*port = ssh*
*filter = sshd*
*logpath = /var/log/auth.**
*maxretry = 6*
*action = %(action_mwl)s*
* %(action_blocklist_de)s*
* badips[category="sshd",
key=“xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"]*
Now in their little documentation snippet they say you add your api key
using
*blocklist_de_apikey = {api key from registration]*
But notice it specifies beginning with *{* and ending *]* …. so beginning
with curly bracket and ending with square bracket.
Once again this does not work.
so I have tried various combinations of it as follows
*blocklist_de_apikey = {api key from registration}*
*blocklist_de_apikey = api key from registration*
But still no reporting to blocklist.de is taking place.
What am I missing? This one is sending me running around in circles now.
Kind Regards
Mitchell
From: Mitchell Krog Photography <mitchellk...@gmail.com>
<mitchellk...@gmail.com>
Reply: Mitchell Krog Photography <mitchellk...@gmail.com>
<mitchellk...@gmail.com>
Date: 20 October 2017 at 3:56:16 PM
To: Graham Bosworth <gra...@chuckerytowers.plus.com>
<gra...@chuckerytowers.plus.com>, Bill Shirley
<bshir...@openmri-scottsboro.com> <bshir...@openmri-scottsboro.com>
Cc: p...@opensuse.org <p...@opensuse.org> <p...@opensuse.org>,
fail2ban-users@lists.sourceforge.net <fail2ban-users@lists.sourceforge.net>
<fail2ban-users@lists.sourceforge.net>
Subject: Re: [Fail2ban-users] Possible Reporting to badips.com and
blocklist.de at same time?
Many thanks Yehuda for the reply
I am testing it now and will let you know if I get it right, have to wait a
few hours before something get’s blacklisted and reported.
I did register on blocklist.de to get an API key and set the field
"blocklist_de_apikey = xxxxxxxx” in the jail.local so as soon as a repeat
offender kicks in I will see if it is reporting to blocklist as well as
badips.com.
Also thank you to Graham for some support :) much appreciated.
I will report back with my findings and confirmation of the changes I made.
Kind Regards
Mitchell
From: Graham Bosworth <gra...@chuckerytowers.plus.com>
<gra...@chuckerytowers.plus.com>
Reply: Graham Bosworth <gra...@chuckerytowers.plus.com>
<gra...@chuckerytowers.plus.com>
Date: 20 October 2017 at 1:29:56 AM
To: Bill Shirley <bshir...@openmri-scottsboro.com>
<bshir...@openmri-scottsboro.com>
Cc: p...@opensuse.org <p...@opensuse.org> <p...@opensuse.org>,
mitchellk...@gmail.com <mitchellk...@gmail.com> <mitchellk...@gmail.com>
Subject: Re: [Fail2ban-users] Possible Reporting to badips.com and
blocklist.de at same time?
Hello Bill,
I was looking forward to an answer to the question from Mitchell, but I did
not notice any polite "Please" or "Can you" or any other such polite
etiquette in the command "Do not hijack a thread. Start your own thread."
A similar sentiment applies to Patrick Shanahan - why be unpleasant when
you could be nice?
I expect flames. I hope that they do not make me feel miserable.
Yours,
--
Graham
Is there a nice way of saying "euphemism"?
On Thu, 19 Oct 2017, Bill Shirley wrote:
> Date: Thu, 19 Oct 2017 18:10:14
> From: Bill Shirley <bshir...@openmri-scottsboro.com>
> To: fail2ban-users@lists.sourceforge.net
> Subject: Re: [Fail2ban-users] Possible Reporting to badips.com and
> blocklist.de at same time?
>
> Mitchell,
> I don't think anyone here meant to grind on and on about thread
hi-jacking.
> You seemed
> to not understand doing a reply and replacing the body and subject doesn't
> create a
> new thread. Now you do; mission accomplished.
>
> On to your original post, what is it that you want to send to badips.com
and
> blocklist.de?
> Email? What have you tried?
>
> Bill
>
>
> On 10/19/2017 8:58 AM, Mitchell Krog Photography wrote:
> You are so very helpful Patrick, I will also just send your
> emails to /dev/null
> WOW, what a helpful mailing list this has become with such nice people
> and NO …. YOU and 3 other people are the one ranting on about nonsense
> and a simple mistake !!! but not one of you can actually even answer a
> simple question.
>
> I will just seek help elsewhere, thank you very much.
>
> = unsubscribe
>
>
> From: Patrick Shanahan <p...@opensuse.org>
> Reply: Patrick Shanahan <p...@opensuse.org>
> Date: 19 October 2017 at 2:54:16 PM
> To: Mitchell Krog Photography <mitchellk...@gmail.com>
> Subject: Re: [Fail2ban-users] Possible Reporting to badips.com and
> blocklist.de at same time?
>
> * Mitchell Krog Photography <mitchellk...@gmail.com>
> [10-19-17 06:50]:
> > Patrick
> >
> > I help and have helped a lot of people on this list on
> the time I have
> > been on here. This list is turning into the likes of
> Apache user lists
> > where everybody rants and raves and nit picks about
> nonsense instead of
> > answering any questions. If you read my earlier replies
> yesterday I
> > said it was a mistake and not intentional so why go on
> and on and on
> > about it?
> >
> > Are you here to help users or try your very best just to
> insult and
> > offend them ?
> >
> > I guess I will probably get a quicker answer from
> @Sebres on the github
> > repo.
> >
> >
> > From: Patrick Shanahan <p...@opensuse.org>
> > Reply: Patrick Shanahan <p...@opensuse.org>
> > Date: 19 October 2017 at 12:24:48 PM
> > To: Mitchell Krog Photography <mitchellk...@gmail.com>
> > Subject: Re: [Fail2ban-users] Possible Reporting to
> badips.com and blocklist.de at same time?
> >
> > * Mitchell Krog Photography <mitchellk...@gmail.com>
> [10-19-17 06:21]:
> > > Hi All
> > >
> > > Is it possible when a jail blocks an IP to send
> > > to badips.com + blocklist.de At the same time ?
> > > If so can anyone point me in the right direction.
> > >
> > > Many Thanks
> > >
> > > For those accusing me of “hijacking threads” and
> telling me to go and
> > > Google “email hijacking” as if I have no idea what
> that is having being
> > > in the industry for 30 years … kindly see attached
> screengrab of this
> > > brand new message, completely blank and composed with
> a slightly
> > > different subject line.
> >
> > and what is it that you believe with your 30 years of
> industrial
> > experience, this proves. you do not show the complete
> header, only what
> > your chosen client reveals to you. google may (keyword)
> indeed help you
> > or not ???
> >
> > --
> > (paka)Patrick Shanahan Plainfield, Indiana, USA
> @ptilopteri
> > http://en.opensuse.org openSUSE Community Member
> facebook/ptilopteri
> > Registered Linux User #207535 @ http://linuxcounter.net
> > Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet
> freenode
>
> I guess you *really* do not understand. and your choice to
> continue
> ranting is on you along with your choice to top post and
> full quote and
> unformatted text. I do have a solution:
>
> :0:
> * ^From.*mitchellkrog
> /dev/null
>
>
> --
> (paka)Patrick Shanahan Plainfield, Indiana, USA
> @ptilopteri
> http://en.opensuse.org openSUSE Community Member
> facebook/ptilopteri
> Registered Linux User #207535 @ http://linuxcounter.net
> Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet
> freenode
[--- snipped --]
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
