Using a ping test website works well for testing fail2ban.

Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com

On 08/16/2018 11:23 AM, Wayne Sallee wrote:
That works!

Thanks!

Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com

On 08/16/2018 11:14 AM, Wayne Sallee wrote:
er.. beta :-)

I used to be heavy into fish, and also had an aquarium store for 4 years, and sold lots of bettas.

This seems to work better:
(:80|:443) <HOST> .*BanMePlease

I wish fail2ban would allow you to start a jail retroactive to the start of a log, instead of waiting for a bot to come along.

Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com

On 08/16/2018 10:57 AM, Wayne Sallee wrote:
That looks good.

But:

fail2ban-regex /var/log/appache2/access.log ":(80|443) <host>.*BanMePlease " --print-all-matched

Running tests
=============

Use   failregex line : :(80|443) <host>.*BanMePlease
Traceback (most recent call last):
  File "/usr/bin/fail2ban-regex", line 34, in <module>
    exec_command_line()
  File "/usr/lib/python3/dist-packages/fail2ban/client/fail2banregex.py", line 599, in exec_command_line
    if not fail2banRegex.start(opts, args):
  File "/usr/lib/python3/dist-packages/fail2ban/client/fail2banregex.py", line 499, in start
    if not self.readRegex(cmd_regex, 'fail'):
  File "/usr/lib/python3/dist-packages/fail2ban/client/fail2banregex.py", line 320, in readRegex
    'add%sRegex' % regextype.title())(regex.getFailRegex())
  File "/usr/lib/python3/dist-packages/fail2ban/server/filter.py", line 113, in addFailRegex
    raise e
  File "/usr/lib/python3/dist-packages/fail2ban/server/filter.py", line 105, in addFailRegex
    regex = FailRegex(value)
  File "/usr/lib/python3/dist-packages/fail2ban/server/failregex.py", line 215, in __init__
    raise RegexException("No 'host' group in '%s'" % self._regex)
fail2ban.server.failregex.RegexException: No 'host' group in ':(80|443) <host>.*BanMePlease '


fail2ban is definitely betta.

Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com


On 08/16/2018 10:43 AM, Nick Howitt wrote:
Yes. I realised mine was OTT when I was driving. Even simpler is:
:(80|443) <host>.*BanMePlease

It will look for the first occurrence. No need for anything before the ":"

On 16/08/2018 14:50, Wayne Sallee wrote:
Or something like the following?
^*?:(80|443) <host>.*BanMePlease

Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com

On 08/16/2018 09:17 AM, Nick Howitt wrote:
^(domain1|domain2|domain3):(80|443) <host>.*BanMePlease but remember to escape the "." in the domain name.

On 16/08/2018 14:09, Wayne Sallee wrote:
Didn't work. It could not find the IP
Then I tried
^.*?<HOST>
and it was back to looking up my IP address.


Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com

On 08/15/2018 05:57 PM, Wayne Sallee wrote:
I did not see your second suggestion. I'll try that.

Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com

On 08/15/2018 05:47 PM, Wayne Sallee wrote:
Thanks,
I can't use that, as I have several domains.

Also "80" can't be used, as sometimes it's 443.

Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com

On 08/15/2018 03:33 PM, Tony Collins wrote:
I think if you put this it should work:

^waynesallee.com:80 <HOST>.*BanMePlease

If the literal text doesn't work, a quick and dirty thing to do is to use .* (a dot and an asterisk, which means "any characters") - so,
^.*<HOST> etc

Tony

On Wed, 15 Aug 2018 at 20:29, Wayne Sallee <wa...@waynesallee.com> wrote:

    fail2ban is expecting the first entry to be the ip address of
    the bot, but the bot's ip address comes after the domain
    name visited.

    So what do I need to do to the filter to fix this?

    Wayne Sallee
    wa...@waynesallee.com
    http://www.WayneSallee.com

    On 08/15/2018 03:21 PM, Wayne Sallee wrote:
    > How should I change the following filter to fix this?
    > failregex =  ^<HOST>.*BanMePlease
    >
    > My logfiles look like this:
    > waynesallee.com:80 11.111.11.111
    >
    > Wayne Sallee
    > wa...@waynesallee.com
    > http://www.WayneSallee.com
    >
    > On 08/15/2018 03:17 PM, Wayne Sallee wrote:
    >> fail2ban looks at website in the log and gets its ip address, instead of looking at the ip address in the log.
    >>
    >> Wayne Sallee
    >> wa...@waynesallee.com
    >> http://www.WayneSallee.com
    >>
    >>
------------------------------------------------------------------------------
    >> Check out the vibrant tech community on one of the world's most
    >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
    >> _______________________________________________
    >> Fail2ban-users mailing list
    >> Fail2ban-users@lists.sourceforge.net
    >> https://lists.sourceforge.net/lists/listinfo/fail2ban-users

--
-- Tony Collins

