Re: [Fail2ban-users] Help needed with regex

2023-10-19 Thread Peter Heirich
On 19.10.2023 at 18:52, Marcel Blenkers wrote: Hi Peter, thanks for the reply. Unfortunately I forgot something: I changed the IP for data protection. The IP 192.168.10.10 is actually the IP which is accessing the webserver, so it shows the correct IP, just not in my

Re: [Fail2ban-users] Help needed with regex

2023-10-19 Thread Peter Heirich
I think you are not aware of what 192.168.10.y means. This is the IP address seen inside the Docker container. This IP is created by NAT on your host. If you block them, you are not blocking access from outside to your host, but blocking the way back from the Docker container to your host

Re: [Fail2ban-users] Drop Established Connection on Ban

2021-05-03 Thread Peter Heirich
On 03.05.2021 at 16:47, Kenneth Porter wrote: I haven't found anything on rate-limiting it except as an anti-spam measure. However, sendmail runs milter. They made for sendmail native. There is milter-greylist, which has "rcptcount". You can cause an abort after a number of RCPT TO:

Re: [Fail2ban-users] possible to create jails from HHTP statuscodes

2021-04-17 Thread Peter Heirich
Of course, it could be possible, but it is a bad idea, I think. Let's take a look at an access line. [17/Apr/2021:16:50:41 +0200] [myserver.server4you.de:80] [client 40.121.52.49] - - "GET /.env HTTP/1.1" 404 463 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)

[Fail2ban-users] list works wrong - DKIM signatures are failing

2021-04-14 Thread Peter Heirich
Hi, because of fighting spam I modified the DMARC policy to report failing mails. It isn't only my system which claims wrong DKIM signatures; I got reports about the same errors from 3 other systems because of the DMARC report policy. Authentication-Results: austria136.server4you.de (amavisd-new);

Re: [Fail2ban-users] Actual ban duration?

2020-07-30 Thread Peter Heirich
On 30.07.2020 at 21:22, Gary Gapinski via Fail2ban-users wrote: > > I am uncertain whether such table entries are removed when a ban expires. No, they don't. > Why is journalctl scanning necessary? > He probably tries to find out which ones are valid. Better way for me was to ask

Re: [Fail2ban-users] Actual ban duration?

2020-07-30 Thread Peter Heirich
On 30.07.2020 at 21:08, Peter Heirich wrote: > > > On 30.07.2020 at 19:01, david wrote: >> >> Second, I'm trying to build a report for my own use, which would show >> the current bans.  Ideally, each line of the report contains: >>  - IP address that is

Re: [Fail2ban-users] recidive jail set, but IP still gets in

2020-07-07 Thread Peter Heirich
:2a:d9: # TUNNEL=216.66.84.42->217.172.186.11 SRC=2001:0470:702b::f741:3955:6972:6290 DST=2001:0470:1f13:107e:0000::1001:1001 LEN=80 # TC=0 HOPLIMIT=249 FLOWLBL=672608 PROTO=TCP SPT=39018 DPT=23 WINDOW=28240 RES=0x00 SYN URGP=0 OPT (020405840402080A905D197001030307) # # Author:

Re: [Fail2ban-users] recidive jail set, but IP still gets in

2020-07-07 Thread Peter Heirich
On 07.07.2020 at 13:32, Yassine Chaouche wrote: > > Let us examine what f2b logs for 185.143.72.27 say : > > 1. It is banned/unbanned by *postfix-sasl* 4 times > > 2. on the fifth occurrence, it is first banned by the *postfix-sasl* > jail then by the *recidive* jail. Curiously, the *recidive*

Re: [Fail2ban-users] recidive jail set, but IP still gets in

2020-07-01 Thread Peter Heirich
On 01.07.2020 at 16:53, Yassine Chaouche wrote: > > From: Peter Heirich - 2020-07-01 14:22:19 > >> try command >> >> sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "SELECT * FROM bans WHERE >> jail='recidive';" > > I don't have that file in /var/l

Re: [Fail2ban-users] recidive jail set, but IP still gets in

2020-07-01 Thread Peter Heirich
Try the command sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "SELECT * FROM bans WHERE jail='recidive';" to see if the IP is in the database [root@genf132:4 log]0# sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "SELECT * FROM bans WHERE jail='recidive';" should give an answer like

[Fail2ban-users] FYI: timing problem on my Centos 6.10 64bit SMP

2020-06-06 Thread Peter Heirich
Hi, for a long time I've used a patched 0.10.0 because of IPv6. However, I've just updated to the current 0.11.2_dev from git on a CentOS 6.10 (final), also current. Like the old 0.10.0 one, it doesn't work well because of a timing problem, I think. I did a quick and dirty patch, which I've appended. See