Can you share your vpopmail rules for fail2ban, config and regex?
On 6/3/2020 5:48 PM, Gary Bowling wrote:
FYI in case someone else can use this info.
In my recent review of my server and trying to tighten up security, I
noticed that there were a number of IPs that showed up regularly in my
fail2ban firewall rules. I have a fail2ban jail for vpopmail that
looks at failed login attempts and blocks their IP addresses in iptables.
One IP address in particular would attack my server, get banned by
fail2ban, and when the bantime was up, the same IP would start
attacking again, and the loop would continue.
In order to try to do something about these bots, I first looked at
the "recidive" jail that is included with more recent versions of
fail2ban.
The recidive jail was created just for this problem. However, recidive
just adds an additional jail time for a repeat offender. So, for
instance, a 4 hour jail time might get increased to 1 week. But after a
week it starts over.
In searching I found this article, which describes what I think is a
better approach to the issue.
https://blog.shanock.com/fail2ban-increased-ban-times-for-repeat-offenders/
This article describes how to build a series of increased jail times
for a habitual offender, eventually culminating in a year jail time.
Thanks, Gary
--
____________________
Gary Bowling
The Moderns on Spotify <https://distrokid.com/hyperfollow/themoderns/bbrs>
____________________
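
The escalation idea discussed in the message above, as an added example (not code from the thread or from the linked article): it reads Ban events for a `vpopmail` jail from fail2ban.log lines and picks a longer ban the more often an address has been banned. The ladder thresholds and the sample log lines are constructed assumptions, and the default fail2ban.log line layout is assumed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# A fail2ban.log "Ban" line, the same event the recidive jail watches for.
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ fail2ban\.actions\s+\[\d+\]: "
    r"NOTICE\s+\[(?P<jail>[^\]]+)\] Ban (?P<ip>\S+)$"
)

# Assumed ladder: (bans needed inside the window, look-back window, ban length).
LADDER = [
    (1, timedelta(hours=4), timedelta(hours=4)),
    (3, timedelta(days=1), timedelta(weeks=1)),
    (5, timedelta(weeks=4), timedelta(days=365)),
]

# Constructed sample input (documentation address ranges, not real offenders).
SAMPLE_LOG = """\
2020-06-01 02:00:00,101 fail2ban.actions        [812]: NOTICE  [vpopmail] Ban 203.0.113.5
2020-06-01 06:10:00,455 fail2ban.actions        [812]: NOTICE  [vpopmail] Unban 203.0.113.5
2020-06-01 06:12:00,030 fail2ban.actions        [812]: NOTICE  [vpopmail] Ban 203.0.113.5
2020-06-01 10:30:00,772 fail2ban.actions        [812]: NOTICE  [vpopmail] Ban 203.0.113.5
2020-06-01 10:31:00,120 fail2ban.actions        [812]: NOTICE  [vpopmail] Ban 198.51.100.7
""".splitlines()

def ban_times(lines, jail="vpopmail"):
    """Return {ip: [datetime, ...]} for the Ban events of one jail."""
    bans = defaultdict(list)
    for line in lines:
        m = BAN_RE.match(line.strip())
        if m and m["jail"] == jail:
            bans[m["ip"]].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    return bans

def next_ban(times, now):
    """Longest ban whose threshold is met by the bans inside its window."""
    chosen = timedelta(0)
    for needed, window, length in LADDER:
        if sum(1 for t in times if now - t <= window) >= needed:
            chosen = max(chosen, length)
    return chosen

def report(lines, jail="vpopmail"):
    """Map each banned IP to the ban length it has earned as of its latest ban."""
    return {ip: next_ban(ts, max(ts)) for ip, ts in ban_times(lines, jail).items()}

if __name__ == "__main__":
    for ip, length in report(SAMPLE_LOG).items():
        print(ip, length)
```

Unlike a single recidive tier, the top rung here is only reached by an address that keeps coming back across the longer window, which is the behaviour the message asks for.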