[Fail2ban-users] Fwd: Re: Can Fail2ban Send Commands to Network Firewall?

2024-02-11 Thread Mike
On 2/10/2024 3:38 PM, Arturo 'Buanzo' Busleiman wrote: you most certainly can do this by defining a set of custom actions for ban/unban, etc. check the other actions that fail2ban has included for examples This is good to know. I'm surprised that somebody hasn't already done this for the

Re: [Fail2ban-users] www.fail2ban.org redirects to github.com/fail2ban/failban now

2023-09-25 Thread Mike
How about creating a new hostname like: wiki.fail2ban.org and point that to the wiki, and only advertise it on this list? See if any of the traffic follows the new host. At 11:59 AM 9/25/2023, Arturo 'Buanzo' Busleiman wrote: Cyril, I can run the wiki on my infrastructure if required.

[Fail2ban-users] Fwd: Re: Cleanup jails (Login-Shield)

2023-06-25 Thread Mike
My question is thus, is there a way to optimize or cleanup the bans so it’s based on wildcards or subnets instead? Or should I not worry about this as iptables is not affected performance wise by +1000 banned ips? There is a great project that works in harmony with Fail2Ban that does

[Fail2ban-users] web-shield - companion to F2B

2022-08-18 Thread Mike
I've been testing a new system by the developers of login-shield, called "web-shield" that may be of interest to people here. For those who aren't familiar, these are two free shell-based utilities for Linux that implement filtering of certain ports for well-known IP space that harbors

Re: [Fail2ban-users] fail2ban for a range of IPs

2021-12-11 Thread Mike
Good point. fail2ban isn't exactly the right tool for this. There appears to be a project but I don't think it's maintained: https://github.com/XaF/fail2ban-subnets Take a look at this project: https://github.com/dpsystems/login-shield It's

Re: [Fail2ban-users] fail2ban 0.11.1

2021-12-09 Thread Mike
Thank you, I updated to 0.11.2-3 and will see if subnet bans stick. That may be a function of the type of IPSET list created. I know that with ipset you can blacklist subnets but if it isn't a certain list:hash type it will expand the subnet into an array of individual IP addresses.

[Fail2ban-users] Fwd: Re: Extending fail2ban for distributed attacks

2021-10-07 Thread Mike
I've been using login-shield: https://github.com/dpsystems/login-shield This has stopped 95-97% of the attacks. It blacklists all the common attack vectors. This is another option to address things and reduces a lot of stress from f2b. ___

[Fail2ban-users] Non-Email Abuse Contacts

2021-08-25 Thread Mike Hammett
An increasing number of networks (including Microsoft) are moving away from e-mail based abuse reporting methods, instead using web forms. That obviously doesn't work well with the complain action. Has there been any work done or any plans developed for how to handle this?

Re: [Fail2ban-users] SoftEther VPN

2021-07-19 Thread Mike
At 09:56 PM 7/18/2021, Sergey Ivanov wrote: Hi, we see an ongoing attack on our SoftEther VPN. In the logs after replacing IP of our server with x.x.x.x the lines look like: -- 2021-07-06 00:00:00.128 OpenVPN Session 107968 (141.95.18.54:58360 -> x.x.x.x:1194): A new session is

[Fail2ban-users] Fwd: Re: Fwd: Use Fail2ban to protect Postfix/Dovecot on CentOS 7

2021-03-31 Thread Mike
> I use this as an enhancement to f2b: > > https://github.com/dpsystems/login-shield > > > It contains a number of blacklists and blocks login ports from areas of known > issues. The IP that attacked your system was by default in the blacklist. > > If you're in France you'll want to check

[Fail2ban-users] Fwd: Use Fail2ban to protect Postfix/Dovecot on CentOS 7

2021-03-30 Thread Mike
I use this as an enhancement to f2b: https://github.com/dpsystems/login-shield It contains a number of blacklists and blocks login ports from areas of known issues. The IP that attacked your system was by default in the blacklist. If you're in France you'll want to check some of the

[Fail2ban-users] After a year, f2b not blocking anything since login-shield in use

2021-02-20 Thread Mike
After more than a year of using the login-shield front end, this is the first time I noticed I have ZERO fail2ban blocks:

Re: [Fail2ban-users] 99.93% attacks blocked

2021-01-15 Thread Mike
Thanks but unfortunately totally US-centric. I'm not sure where you get that? The US related blocklist is separated from others. If you're in a "hot zone" like China, Russia, etc, it probably won't work as well. But the idea behind it is to limit access to login ports, and ideally you

[Fail2ban-users] 99.93% attacks blocked

2021-01-14 Thread Mike
There's a companion system to Fail2Ban that I'm using. I thought I might share my most recent stats on this with the community. This uses ipset and iptables like f2b does, but serves as a first line of defence before fail2ban. After using this for 6+ months, I'm very impressed with the

[Fail2ban-users] what does this message mean?

2020-12-12 Thread Mike
2020-12-13 00:29:36,200 fail2ban.filtersystemd [1026]: NOTICE Jail started without 'journalmatch' set. Jail regexs will be checked against all journal entries, which is not advised for performance reasons. Can someone explain that to me? Is this error global to f2b or specific to a

Re: [Fail2ban-users] badips.com down for a while, alternatives?

2020-11-11 Thread Mike
At 09:00 PM 11/10/2020, Kenneth Porter wrote: --On Tuesday, November 10, 2020 9:48 AM -0500 Robert Kudyba wrote: Here's another useful resource: https://iptoasn.com/ Any idea how to download the list and update /etc/hosts on a regular basis? I don't, but haven't messed with it much. I

Re: [Fail2ban-users] badips.com down for a while, alternatives?

2020-11-06 Thread Mike
At 03:24 PM 11/6/2020, Robert Kudyba wrote: The rules for badips.com have been offline for a while now, but some pages in the web site are still active. No one responds to their Twitter either. Do any of you use any alternatives to use with ipset or populate /etc/hosts.deny

Re: [Fail2ban-users] incrementing time or permanent blockage?

2020-10-12 Thread Mike
I assume the permanent ban doesn't use a timeout value. So that's an exception, but if you set a bantime, that is apparently the limit, around 4 weeks max. At 10:21 PM 10/12/2020, Patrick Shanahan wrote: * Mike [10-12-20 23:17]: > > > > > F2B does support permanent. Se

Re: [Fail2ban-users] incrementing time or permanent blockage?

2020-10-12 Thread Mike
F2B does support permanent. Set bantime to -1 and it's "forever". I did not know that. But I do believe there is a limit imposed by ipset regarding maximum expire time? I seem to remember it's somewhere around 3-4 weeks or so? It has to do with the value exceeding the size of a 32

Re: [Fail2ban-users] incrementing time or permanent blockage?

2020-10-11 Thread Mike
I don't think f2b or the ipset lists support a permanent ban. I actually think ipset time limitations are more strict, like you can't set a bantime greater than several weeks IIRC. However, there are some other subsystems you can add in addition to f2b that can help. See

Re: [Fail2ban-users] SOLVED? latest update package 0.11.1-9.el7.2 not recognized under CentOS 7

2020-09-23 Thread Mike
At 03:56 PM 9/23/2020, Kenneth Porter wrote: That reminds me: Mike's iptables dump shows rules from firewalld, but he's using the iptables-multiport action for fail2ban. firewallcmd-ipset should be a better choice for integrating with firewalld. It invokes firewallcmd to insert the fail2ban

Re: [Fail2ban-users] SOLVED? latest update package 0.11.1-9.el7.2 not recognized under CentOS 7

2020-09-23 Thread Mike
Is there any way that the CHANGELOG can be sent out to this list when fail2ban is updated? It would be so helpful. Are the devs even on this list? ___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net

Re: [Fail2ban-users] WARNING [sshd] already banned, fail2ban-0.11.1-10.fc32

2020-09-21 Thread Mike
At 12:34 PM 9/21/2020, Robert Kudyba wrote: my jail.local: [DEFAULT] bantime = 10800 action = %(action_)s usedns = no mta = sendmail backend = auto banaction = firewallcmd-ipset port = 0-65535 bantime.increment = true bantime.rndtime = 8m [sshd] enabled = true maxretry = 4 filter =

Re: [Fail2ban-users] SOLVED? latest update package 0.11.1-9.el7.2 not recognized under CentOS 7

2020-09-21 Thread Mike
At 01:23 PM 9/21/2020, Kenneth Porter wrote: On 9/21/2020 10:27 AM, Mike wrote: Unless there's something missing somewhere in the config, but I searched across all files on my regular servers that weren't patched and they were all using: banaction = iptables-multiport and it invoked ipset

[Fail2ban-users] SOLVED? latest update package 0.11.1-9.el7.2 not recognized under CentOS 7

2020-09-21 Thread Mike
I fixed my problem by adding: banaction = firewallcmd-ipset in the [DEFAULT] section of jail.local I have to assume that versions prior to fail2ban 0.11.1-9.el7.2 would interpret the command: banaction = iptables-multiport differently. Earlier versions used ipset, but as of the new patch,

[Fail2ban-users] Fwd: Re: latest update package 0.11.1-9.el7.2 not recognized under CentOS 7

2020-09-21 Thread Mike
I don't think you get any firewall rules or ipset sets until you have a ban. Try using fail2ban-client to manually ban an IP and see if the corresponding firewall items then appear. I thought of that. # fail2ban-client set sshd banip 91.127.18.79 1 # fail2ban-client status sshd Status for

Re: [Fail2ban-users] latest update package 0.11.1-9.el7.2 not recognized under CentOS 7

2020-09-21 Thread Mike
At 11:48 AM 9/21/2020, Kenneth Porter wrote: --On Monday, September 21, 2020 12:36 PM -0500 Mike wrote: when I dump all the firewall rules it does show those two "manban" IPs, but I don't see an ipset list or any fail2ban rules in the firewall like I do on my other servers: What

Re: [Fail2ban-users] latest update package 0.11.1-9.el7.2 not recognized under CentOS 7

2020-09-21 Thread Mike
At 11:12 AM 9/21/2020, Kenneth Porter wrote: --On Sunday, September 20, 2020 10:23 PM -0500 Mike wrote: I updated one of my CentOS 7 servers to Fail2ban 0.11.1-9.el7.2 fail2ban-0.11.1-10.el7.noarch is working fine for me on CentOS 7.8.2003. I can list ipsets and the direct rules with your

[Fail2ban-users] latest update package 0.11.1-9.el7.2 not recognized under CentOS 7

2020-09-20 Thread Mike
I updated one of my CentOS 7 servers to Fail2ban 0.11.1-9.el7.2 I cannot identify the ipset lists or the iptables rules using the commands: ipset list and iptables -L INPUT_direct Has this version been tested under CentOS7 and confirmed to work? Is there some other command to show the ipset

[Fail2ban-users] Fwd: Re: recidive jail set, but IP still gets in

2020-07-08 Thread Mike
from certain server resources. I'm hoping to beta test that soon. I need to re-iterate what Mike is saying here and in fact, I would argue that if one is running an EM server without some type of SPAM + bad actor lists, they are remiss in their admin duties. LoginShield is

[Fail2ban-users] Fwd: Re: recidive jail set, but IP still gets in

2020-07-08 Thread Mike
On 7/8/20 3:29 PM, Mike wrote: As an aside, instead of using a recidive jail, I've been using a more permanent ban of login ports using this system https://github.com/dpsystems/login-shield This also includes logging of banned connections and some analysis reports. That is an original

Re: [Fail2ban-users] recidive jail set, but IP still gets in

2020-07-08 Thread Mike
As an aside, instead of using a recidive jail, I've been using a more permanent ban of login ports using this system https://github.com/dpsystems/login-shield This also includes logging of banned connections and some analysis reports.

Re: [Fail2ban-users] recidive jail set, but IP still gets in

2020-07-07 Thread Mike
This can happen if there is still an active connection with the jailed IP. f2b only affects future, new connections. At 06:32 AM 7/7/2020, Yassine Chaouche wrote: Let us examine what f2b logs for 185.143.72.27 say : 1. It is banned/unbanned by postfix-sasl 4 times 2. on the fifth

Re: [Fail2ban-users] Log Modifications To Include Destination IP

2020-04-30 Thread Mike Hammett
over well. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com - Original Message - From: "Fabio Martins" To: "Mike Hammett" Cc: fail2ban-users@lists.sourceforge.net Sent: Thursday, Apri

[Fail2ban-users] Log Modifications To Include Destination IP

2020-04-30 Thread Mike Hammett
was attacked. The other networks must be running CGNAT or other address-sharing methods and apparently need their hand held. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com

[Fail2ban-users] Fwd: Re: extra postfix bans

2020-03-26 Thread Mike
I'm using sendmail-reject, which gets lots of hits after I disallowed authentication on port 25. I'm assuming it's bots looking for a way to guess logins. Perhaps you can adapt those rules for Postfix. I've been using login-shield (https://github.com/dpsystems/login-shield) to stop a lot

[Fail2ban-users] extra postfix bans

2020-03-24 Thread Mike
Is anybody using f2b to stop hosts doing stuff like this? Mar 24 21:02:18 host postfix/smtps/smtpd[32910]: connect from unknown[45.133.99.3] Mar 24 21:02:19 host postfix/smtps/smtpd[32910]: lost connection after UNKNOWN from unknown[45.133.99.3] Mar 24 21:02:19 host

[Fail2ban-users] tracking smtp dropped connections

2020-02-21 Thread Mike
Seeing these things in my log postfix log file: Feb 21 10:43:47 d postfix/smtps/smtpd[18263]: warning: hostname ip-113-92.4vendeta.com does not resolve to address 78.128.113.92 Feb 21 10:43:47 x postfix/smtps/smtpd[18263]: connect from unknown[78.128.113.92] Feb 21 10:43:47 x

[Fail2ban-users] Fwd: Re: Blocking Logins in Drupal 7 does not work!

2020-02-17 Thread Mike
Has ANYBODY explained WTF a bantime=-1 does? ___ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users

[Fail2ban-users] fail2ban not restarting jails

2020-02-01 Thread Mike
I've run into an odd condition on one of my servers (CentOS 7) where fail2ban is not loading all the jails and I get no indications why. When I run: ipset list | grep Name I only see 2 jails listed. when I run: fail2ban-client status I how 7 jails defined. when I run: iptables -L

[Fail2ban-users] Fwd: Re: Fwd: Change ssh port globally (only once)

2020-01-22 Thread Mike
but it's often in /etc/ssh/sshd_config or somewhere thereabouts What you mean is that changing "/etc/sshd_config", fail2ban through parameter "ssh" automatically detects the port? Assuming you haven't already configured sshd to run on an alternate port, you'll have to do that first.

[Fail2ban-users] Fwd: Change ssh port globally (only once)

2020-01-22 Thread Mike
Hi Friends, is it possible to change globally the SSHd port? I've different configuration files, where the following parameter is present: port = ssh How is it possible to change globally this value? Is it possible to keep this parameter in the configuration files and change it only

Re: [Fail2ban-users] Postfix submission

2020-01-01 Thread Mike
This is one way. Another way is to lock out the login ports for large IP blocks. See: https://github.com/dpsystems/login-shield This is proving to stop almost all my unauthorized login attempts. It's using the same tech that F2B uses, just implements a different, larger net in ipsets.

[Fail2ban-users] nftables problem not loading table at boot

2019-11-13 Thread Mike Lewinski
I have fail2ban installed and working OK on CentOS 8 with one problem. When I reboot the server, the fail2ban table isn't created so all attempts to add bans generate errors like this: NOTICE [postfix-sasl] Unban 51.83.71.72 #39-Lev. 7fabf99e3d50 -- exec: nft list chain inet fail2ban input |

Re: [Fail2ban-users] pros/cons of how to reject packets?

2019-10-06 Thread Mike
I believe the logic goes that, given you've already been talking with the offender, trying to disappear off the radar won't work. If you blacklist addresses at your firewall, then it may make sense not to respond to them at all, but if you want an offender to go away, the best option is to say

[Fail2ban-users] pros/cons of how to reject packets?

2019-10-06 Thread Mike
closing a potentially un-opened port, vs, if you just never replied to the inquiry the remote system would believe there is no service at that port? I'm curious what the best way to stop repeat traffic might be? - Mike

[Fail2ban-users] Fwd: Re: When to decide that fail2ban is not a good solution

2019-09-23 Thread Mike
of my blocked netspace, let me know. Right now I have 1075 entries in ipset, only using 10k of memory. And it stops 90+% of my system probes. - Mike If you have thousands of blocked IP address, fail2ban's ipset action is desirable. Some attacks initiate tens of connections at the same

Re: [Fail2ban-users] Fwd: allowing incoming mail but blocking smtp logins?

2019-09-02 Thread Mike
to disable auth on port 25 without doing a dangerous/non-standard server configuration. Is this true? - Mike Nick On 02/09/2019 21:32, Mike wrote: At 02:57 PM 9/2/2019, you wrote: Hi, >Sep 1 21:44:46 hst postfix/smtpd[28571]: connect from unknown[101.89.216.243] Sep 1 21:44

Re: [Fail2ban-users] Fwd: allowing incoming mail but blocking smtp logins?

2019-09-02 Thread Mike
it won't affect normal mail flow? - Mike

[Fail2ban-users] Fwd: allowing incoming mail but blocking smtp logins?

2019-09-02 Thread Mike
As an addendum to below, here are examples from my log files I want to filter: Sep 1 21:44:46 hst postfix/smtpd[28571]: connect from unknown[101.89.216.243] Sep 1 21:44:51 hst postfix/smtpd[28571]: warning: unknown[101.89.216.243]: SASL LOGIN authentication failed: UGFje8vcmQ6 What port is

[Fail2ban-users] allowing incoming mail but blocking smtp logins?

2019-09-02 Thread Mike
This is a general security/ports question. Is there a way to allow incoming SMTP mail traffic but block attempts to use SMTP AUTH (obviously as a way to probe or brute force logins)? Are these separate ports or the same? (i.e. if I block port 25, do I stop dovecot login attempts but also

Re: [Fail2ban-users] maxretry maxfailures What's the deal ??

2019-08-28 Thread Mike
At 07:25 AM 8/28/2019, Wayne Sallee wrote: Original Message *Subject:* Re: [Fail2ban-users] maxretry maxfailures What's the deal ?? *From:* Dominic Raferd *To:* Fail2ban-users Distribution List *CC:* *Date:* 2019-8-28

Re: [Fail2ban-users] port max?

2019-08-28 Thread Mike
Correct me if I'm wrong, but one issue with using RBL data in iptables is that you can't get an indication of rejections right? With my RBL, I send an error message to any remote system they've been blocked, with instructions on how to petition to be whitelisted. With f2b, you don't get

Re: [Fail2ban-users] port max?

2019-08-27 Thread Mike
Me personally, I'm less interested in an "all-US" or "all-non-US" list. What I'm interested in is the most efficient blocklist, representing the smallest number of large IP blocks that can restrict the highest percentage of unauthorized activity. Along those lines, I can see some Class

Re: [Fail2ban-users] port max?

2019-08-26 Thread Mike
:04 PM 8/26/2019, Kenneth Porter wrote: --On Monday, August 26, 2019 8:33 AM -0500 Mike wrote: What is the maximum # of ports you can specify in the port = command? What's the iptables module? For documentation on all the iptables modules, look at: man 8 iptables-extensions

[Fail2ban-users] port max?

2019-08-26 Thread Mike
I see this error in my log: 2019-08-26 07:27:58 WARNING: '/usr/sbin/iptables-restore --wait=2 -n' failed: iptables-restore v1.4.21: too many ports specified What is the maximum # of ports you can specify in the port = command?

Re: [Fail2ban-users] bans not working

2019-08-25 Thread Mike
> I've moved ssh to a non-standard port and it has been discovered by > some hackers. I'm noticing repeated attempts to connect and login > even though the IPs are supposedly banned. > > NOTICE [sshd] 54.34.136.87 already banned > I do not understand, if I've banned an IP why they're still

[Fail2ban-users] bans not working

2019-08-24 Thread Mike
I've moved ssh to a non-standard port and it has been discovered by some hackers. I'm noticing repeated attempts to connect and login even though the IPs are supposedly banned. Stuff like this in my log file: 2019-08-24 20:41:04,837 fail2ban.filter [55597]: INFO[sshd] Found

[Fail2ban-users] error using ban

2019-08-23 Thread Mike
Is there any reason why my sshd ipset group would disappear? I believe it was working, now it gets this error 2019-08-18 03:23:50,924 fail2ban.actions[4381]: NOTICE [sshd] Ban 188.166.7.24 2019-08-18 03:23:51,041 fail2ban.action [4381]: ERROR ipset add fail2ban-sshd

Re: [Fail2ban-users] maxretry maxfailures What's the deal ??

2019-08-15 Thread Mike
Does this mean maxretry is an alias for maxfailures or will maxretry no longer work? At 02:59 PM 8/14/2019, Wayne Sallee wrote: What's the deal with maxretry and maxfailures ?? Is one of them a

Re: [Fail2ban-users] Augmenting F2B with additional ipset rules

2019-08-05 Thread Mike
At 08:55 AM 8/5/2019, Robert Kudyba wrote: Have you guys seen the sync-blacklist script from https://gist.github.com/klepsydra/ecf975984b32b1c8291a#gistcomment-2038935 or f2b-badips-to-hostsdeny.sh from

Re: [Fail2ban-users] Augmenting F2B with additional ipset rules

2019-08-03 Thread Mike
ip ranges that might block 80% of the rogue traffic. Is anybody cutting out any really big blocks? Like the Chinese class As? I've done this with relay blacklist to great success but haven't tried it with iptables and all my ports. At 12:16 AM 8/3/2019, Jason Tibbitts wrote: >>>>

Re: [Fail2ban-users] Augmenting F2B with additional ipset rules

2019-08-02 Thread Mike
y downside is whether to block ports 25/587? I need to be able to occasionally tell if some legit mail gets blocked. That's probably another level of protection to discuss separately? One question I was wondering.. if you update IPs in IPSET, does it automatically update the underlying iptables r

[Fail2ban-users] Augmenting F2B with additional ipset rules

2019-08-02 Thread Mike
this? Any advice on the best approach? Want to share any scripts you've created that can do this? - Mike

[Fail2ban-users] Idea for a useful rule to ban system attacks

2019-06-17 Thread Mike
? Anybody want to collaborate to help write up the configuration? I can do the PHP coding - I could use some help with the F2B rules. - Mike

[Fail2ban-users] Fwd: Escalating ban times

2019-06-04 Thread Mike
It would be nice to have some kind of shared attack list we could use, like DNSRBL. The attackers I see are persistent. When the ban expires, they continue their attack. I would like to have an escalating ban time for repeat offenders. Another factor that could play into it is the

[Fail2ban-users] Fwd: Re: fail2ban ban's being dropped/disappear without noticed

2019-05-22 Thread Mike
Aside from the other recommended advice, I would suggest if possible, move your ssh to a non-standard port. This will block a ton of script kiddies. On 22-05-19 12:12, Steven Barthen via Fail2ban-users wrote: Hello I'm using fail2ban with shorewall to get rid of some nasty scanners. As

Re: [Fail2ban-users] Honeypot users

2019-03-20 Thread Mike
per approach towards implementing this additional filter? Am I leaving something out? Is there anything else I need to consider? Thanks! - Mike

[Fail2ban-users] config to enable honeypot banning?

2019-03-03 Thread Mike
ter? Am I leaving something out? Is there anything else I need to consider? Thanks! - Mike

Re: [Fail2ban-users] rule to block probes on sshd

2019-02-23 Thread Mike
/amp/s/amp.reddit.com/r/sysadmin/comments/2tnlf5/how_tofail2ban_aggressive/ for some examples. On Sat, Feb 23, 2019, 2:13 PM Mike <t...@rohms.com> wrote: So a user has proposed an extended version of the sshd config that can address this issue? So has anybody tested t

Re: [Fail2ban-users] rule to block probes on sshd

2019-02-23 Thread Mike
' actually work? Or is another way to deal with this to edit the existing filter.d/sshd.conf and add this to cmnfailre ? ^Did not receive identification string from I'm not very experienced at modding the f2b config, so as much detail as possible is appreciated. - Mike At 08:54 AM 2/23

Re: [Fail2ban-users] Examples of jails to stop Wordpress probes?

2018-10-25 Thread Mike
https://bjornjohansen.no/using-fail2ban-with-wordpress Regards, Denis On 24 Oct 2018, at 20:17, Mike <t...@rohms.com> wrote: Does anybody have any examples of sample jail configurations to identify

[Fail2ban-users] Examples of jails to stop Wordpress probes?

2018-10-24 Thread Mike
Does anybody have any examples of sample jail configurations to identify Wordpress vulnerability probes? If someone can give me a skeleton, I can work on creating something that IDs malicious attempts to hack into wordpress. I just need a basic framework.

Re: [Fail2ban-users] Fwd: Why does ^%(__prefix_line)s fail?

2018-05-30 Thread Mike
nsubscribe -Original message- From: Mike Sent: Wednesday, May 30, 2018 22:19 To: fail2ban-users@lists.sourceforge.net Subject: [Fail2ban-users] Fwd: Why does ^%(__prefix_line)s fail? keep trying to unsubscribe and it won't work... who is the mod here? can they unsubscribe this addres

[Fail2ban-users] Fwd: Why does ^%(__prefix_line)s fail?

2018-05-30 Thread Mike
keep trying to unsubscribe and it won't work... who is the mod here? can they unsubscribe this address??

Re: [Fail2ban-users] Incremental ban time? unsubscribe

2018-03-17 Thread Mike
multiple times.. it doesn't work.. I've also tried the un-subscribe link on the web site At 12:20 PM 3/17/2018, you wrote: On Sat, Mar 17, 2018 at 1:13 PM, Mike <m...@icorp.net> wrote: > anybody know how to get off this list? the links don't work Have you tried the links on t

Re: [Fail2ban-users] Incremental ban time? unsubscribe

2018-03-17 Thread Mike
anybody know how to get off this list? the links don't work At 12:02 PM 3/17/2018, you wrote: That's a built-in feature of the 0.11 development build and it works fantastically! It's really flexible and configurable. On Sat, 17 Mar 2018 at 17:00, Roy Sigurd Karlsbakk via Fail2ban-users

[Fail2ban-users] devs - link to malicious site in jail.local

2016-08-11 Thread Mike Hughes
It looks like the site was transferred to a bad guy. Please remove the link to: cstrike-planet dot com faq/6 under the jail for [counter-strike] Fail2ban was installed from epel on RHEL6

Re: [Fail2ban-users] Incomplete whois

2015-10-23 Thread Mike Hughes
Same here. Works most of the time, has been working in the past, but recently the whois call returns an error, which causes the “missing whois program” result. This line in mail-whois.conf is the trigger. If the whois call returns anything but 0 then F2B will print the statement: `whois ||

Re: [Fail2ban-users] $20 filter for banning wp-login spam?

2015-08-29 Thread Dr. Mike Wendell
https://bjornjohansen.no/using-fail2ban-with-wordpress ?? Dropping 'fail2ban wordpress wp-login' into google pulls up quite a lot as well. -drmike On Sat, Aug 29, 2015 at 7:38 AM, Sacks, Cailan cailan.sa...@securimeter.co.za wrote: Dude, Linux is free. F2ban is free. The community is a free

Re: [Fail2ban-users] $20 filter for banning wp-login spam?

2015-08-29 Thread Dr. Mike Wendell
I've got one offs from. I wanted to point at the actual plugin: https://wordpress.org/plugins/wp-fail2ban/ The bjornjohansen link appears to reference it. Hope this helps -drmike On Sat, Aug 29, 2015 at 11:24 AM, Dr. Mike Wendell theapparatus+fail2...@gmail.com wrote: https://bjornjohansen.no

Re: [Fail2ban-users] Need help with a regex statement

2015-06-22 Thread Dr. Mike Wendell
I think I got a working filter. I found this: http://www.arghwebworks.com/2008/06/08/fail2ban-and-spammers/ and am giving it a try. Thanks anyway. -drmike On Mon, Jun 22, 2015 at 2:45 PM, Dr. Mike Wendell theapparatus+fail2...@gmail.com wrote: Greets: I've been flipping over my exim4 logs

[Fail2ban-users] Need help with a regex statement

2015-06-22 Thread Dr. Mike Wendell
Greets: I've been flipping over my exim4 logs and noticed a pattern. I block on certain addresses where I know spammers have in their mail lists. For example: 2015-06-22 14:09:47 H=(1.2.3.4) [5.6.7.8] F=s...@imaspammer.tld rejected RCPT n...@mydomain.tld: You are a spammer. Go away. After a