Interesting. I'll have to do something like this as well.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * Re: [Fail2ban-users] Cleanup jails
*From: * Kasper Thunø
*To: * Nick Howitt
*CC: *Fail2ban-users
x27;[', '2023-06-05 07:23:08', ']...': Error unbanning
It looks like "exec: fail2ban-client set asterisk delignoreip" is the first
error.
Maybe there is a way to run that command by itself from the command line?
I've never worked with actionunban or delig
f from iptables. When fail2ban stops, it removes fail2ban stuff from iptables. If it leaves any,
then something is not right.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
___
Fail2ban-users mailing list
Fail2ban-users@lists.source
Check fail2ban logs, and also, have you tried removing everything fail2ban related from iptables, after fail2ban is
completely shut down?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * [Fail2ban-users] fail2ban-client Hangs on
Original Message
*Subject: * Re: [Fail2ban-users] Fwd: apache-proxy
*From: * François Patte
*To: * Wayne Sallee , Fail2ban-users
*CC: *
*Date: * 2023-5-24 01:06 PM
Le 24/05/2023 à 16:43, Wayne Sallee via Fail2ban-users a écrit :
Original
/fail2ban.log
/etc/fail2ban/filter.d/apache-proxy.conf
You are testing fail2ban's log file. Shouldn't that be an apache log?
Yep. I overlooked that mistake. That explains the weird results he got in the
test.
Wayne Sallee
wa...@waynesallee.com
http://www.Wayne
tiport'
info 'ActionInfo({'ip': '88.214.25.4', 'family': 'inet4', 'ip-rev':
'4.25.214.88.', 'ip-host': None, 'fid': '88.214.25.4', 'failures': 1,
'time': 1684345683, 'matches':
ng my own jails.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
___
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
:35 +0200
De : François Patte
Pour : Wayne Sallee
Le 09/05/2023 à 18:52, Wayne Sallee via Fail2ban-users a écrit :
Original Message
*Subject: * [Fail2ban-users] apache-proxy
*From: * François Patte
*To: * Fail2ban-users
*CC: *
*Date: * 2023-5-8 04:28 AM
0: 'None'",): 1 Time(s)
** WARNINGS **
Command ['set', 'apache-common', 'maxlines', 'None'] has failed.
Received ValueError("invalid literal for int() with base 10: 'None'"): 1
Time(s)
**Unmatched Entries**
s that fail2ban unban 'unbans (in all jails and database)'. Does that
database include the database where increments are kept for each IP? And if not, how do I reset the increment for this
ip, so that if this slips by me again, I'm not looking at a days-long ban?
Ben
Yes.
mething that you don't want
overwritten.
Does /var/log/fail2ban.log show it finding the IP?
Mine was not even finding the IP until for some reason (maybe server update) it
started finding it again.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
jail.
As seen in the recent thread "fail2ban-regex maches, but fail2ban does not"
Most of my jails are my own jails, as I get better results from making my own
jails tailored to my preferences.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
__
what fixed the problem.
Whatever it was, it affected fail2ban-client, and not fail2ban-regex, and it's
working now.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
___
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge
Have not found the bug yet, but I see now, that it has nothing to do with regex, and setting fail2ban to debug level
gives nothing useful.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
___
Fail2ban-users mailing list
Fail2ban-users
:07
datepattern = %%b %%d %%H:%%M:%%S
Adding the "RCPT from unknown" portion skips the first []'d number which is
not an IP.
That's a good idea. I did not think about that.
But still does not work.
Wayne Sallee
wa...@waynesallee.com
http:/
Original Message
*Subject: * Re: [Fail2ban-users] fail2ban-regex maches, but fail2ban does not
*From: * Tim Boneko Via Fail2ban-users
*To: * Fail2ban-users
*CC: *
*Date: * 2023-4-22 01:42 AM
Am Freitag, dem 21.04.2023 um 15:32 -0400 schrieb Wayne Sallee
Original Message
*Subject: * Re: [Fail2ban-users] fail2ban-regex maches, but fail2ban does not
*From: * James Moe Via Fail2ban-users
*To: * Fail2ban-users
*CC: *
*Date: * 2023-4-21 02:29 PM
On 2023-04-21 06:25, Wayne Sallee via Fail2ban-users wrote:
I
Original Message
*Subject: * Re: [Fail2ban-users] fail2ban-regex maches, but fail2ban does not
*From: * James Moe Via Fail2ban-users
*To: * Fail2ban-users
*CC: *
*Date: * 2023-4-20 05:48 PM
On 2023-04-20 06:12, Wayne Sallee via Fail2ban-users wrote:
The
Original Message
*Subject: * Re: [Fail2ban-users] fail2ban-regex maches, but fail2ban does not
*From: * James Moe Via Fail2ban-users
*To: * Fail2ban-users
*CC: *
*Date: * 2023-4-20 05:48 PM
On 2023-04-20 06:12, Wayne Sallee via Fail2ban-users wrote:
The
Original Message
*Subject: * Re: [Fail2ban-users] fail2ban-regex maches, but fail2ban does not
*From: * James Moe Via Fail2ban-users
*To: * Fail2ban-users
*CC: *
*Date: * 2023-4-19 04:47 PM
On 2023-04-19 09:18, Wayne Sallee via Fail2ban-users wrote
ejected: cannot find your hostname, [50.3.238.76]; from= to= proto=ESMTP
helo=
EOF
#**
#**
fail2ban-regex /var/log/fail2ban-jail-testing.log
/etc/fail2ban/filter.d/testing.conf
Lines: 8 lines, 0 ignored, 8 matched, 0 missed
#*
tail -F -n 100 /var/log/fail2ban.log
2023-04-19 11:1
Original Message
*Subject: * Re: [Fail2ban-users] fail2ban-regex maches, but fail2ban does not
*From: * James Moe Via Fail2ban-users
*To: * Fail2ban-users
*CC: *
*Date: * 2023-4-17 12:50 PM
On 2023-04-17 08:27, Wayne Sallee via Fail2ban-users wrote:
Why
Why does fail2ban not match when fail2ban-regex does match?
It makes fail2ban-regex almost useless.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
___
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https
Original Message
*Subject: * Re: [Fail2ban-users] Hi can you please remove me from this list?
*From: * Patrick Shanahan
*To: * Wayne Sallee
*CC: *Fail2ban-users
*Date: * 2023-4-13 11:41 AM
then, look at the header of your post.
Yep, it be there
Original Message
*Subject: * Re: [Fail2ban-users] Hi can you please remove me from this list?
*From: * Patrick Shanahan
*To: * Wayne Sallee
*CC: *Fail2ban-users
*Date: * 2023-4-13 09:19 AM
* fail2ban [04-13-23 09:16]:
Maybe it would be good to
Maybe it would be good to include that at the bottom of each e-mail.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * Re: [Fail2ban-users] Hi can you please remove me from this list?
*From: * Noel Butler
*To: * Fail2ban
o out the log file, and leave all of testing in tact
for the next time you need it :
echo "" > /var/log/fail2ban-jail-testing.log
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
___
Fail2ban-users mailing list
Fail2ban-use
nned: 0 |- Total banned: 0 `- Banned IP list: |
Any idea what may cause this not banning the "matched" IPs / how to debug
further?
___
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail
t://' | sed 's/,//g'); do echo; echo "Jail: $jail"; fail2ban-client set $jail unbanip $input; done
Another thing that you can do, is to keep your ban time set to a few seconds, when testing, then if you get banned, it's
only for a few seconds.
You can also put a
x27;Jail list:' | sed 's/.*Jail
list://' | sed 's/,//g'); do echo; echo "Jail: $jail"; fail2ban-client set $jail unbanip $input; done
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
___
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
Set that jail to:
maxretry = 1
Then run:
fail2ban-client stop; fail2ban-client start
and see what happens.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * [Fail2ban-users] Postfix filter finds IPs, fails to ban them
*From
Run
fail2ban-regex /var/log/httpd/error_log
/etc/fail2ban/filter.d/apache-overflows.conf --print-all-matched | less
What is your findtime for apache-overflows?
Also try
fail2ban-client stop; fail2ban-client start
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
u not have a /var/log/auth.log to use for sshd?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * [Fail2ban-users] Setup help with apache-* jails
*From: * Sam Laffere
*To: * Fail2ban-users
*CC: *
*Date: * 2020-4-15 02:
I have not looked at it, but each jail works independently of the other jails. I don't think any of the jails interact
with other jails.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * [Fail2ban-users] sshd-ddos jail query
And then decided to also:
Find:
From: <>
Replace with:
From: @ <>
To differentiate the fail2ban e-mails from by server, verses fail2ban e-mails
from fail2ban server.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Orig
And then I also went back and did a little more clean up:
Delete:
Hi,\n
Original Message
*Subject: * Re: [Fail2ban-users] Rearranging the action_mwl output?
*From: * Wayne Sallee
*To: * Fail2ban-users
*CC: *
*Date: * 2020-2-29 11:45 AM
cp
formation about :\n
`/usr/bin/whois || echo missing whois program`\n\n
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * Re: [Fail2ban-users] Rearranging the action_mwl output?
*From: * Gary Gapinski Via Fail2ban-users
You could try creating your own jail, and see if that works.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * Re: [Fail2ban-users] Blocking Logins in Drupal 7 does not work!
*From: * Henrique Fagundes
*To: * Wayne Sallee
And you tried logging in, and deliberately failing the login?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * Re: [Fail2ban-users] Blocking Logins in Drupal 7 does not work!
*From: * Henrique Fagundes
*To: * Wayne
Also, here is a handy script for un-banning IP addresses:
for jail in $(fail2ban-client status | grep 'Jail list:' | sed 's/.*Jail list://' | sed 's/,//g'); do echo; echo "Jail:
$jail"; fail2ban-client set $jail unbanip 111.111.111.111; done
#sendmail-whois[name=DRUPAL, dest=supo...@cnsocial.org.br]
logpath = /var/log/messages
maxretry = 1
findtime = 7776000
bantime = 15552000
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
___
Fail2ban-users mailing list
Fail
Oops, I did not see that there were still more posts. :-)
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * Re: [Fail2ban-users] Help with Fail2Ban on PhpMyAdmin
*From: * Wayne Sallee
*To: * Fail2ban-users
*CC: *
*Date
Did your restart, or reload fail2ban, after making changes to the cofig file?
fail2ban-client reload
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * Re: [Fail2ban-users] Help with Fail2Ban on PhpMyAdmin
*From: * Henrique
bit differently. I replaced the Reverse DNS with
the server name FQDN, and that fixed the problem.
But I still think that Fail2Ban should get server name from the system, rather
than look to DNS.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
It looks like Fail2Ban could use some more help.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * Re: [Fail2ban-users] details on updates?
*From: * Tom Hendrikx
*To: * Fail2ban-users
*CC: *
*Date: * 2020-2-10 04
In jail I have:
port = ssh
I define the ssh port in
/etc/ssh/sshd_config
And when I change the port in /etc/ssh/sshd_config fail2ban knows what port.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * [Fail2ban-users] Fwd: Re: Fwd
Yes I agree, it would be nice to get updates on this list, as they happen.
It would also be nice if they would reply to the posts. But they seem to have a
stuck up attitude.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * [Fail2ban
Original Message
*Subject: * Re: [Fail2ban-users] IP Address instead of Server Name - Change it
Back.
*From: * Kristupas Zaveckas
*To: * Wayne Sallee
*CC: *Fail2ban-users
*Date: * 2020-2-7 11:55 AM
please dont send emails, delete my mail please
Has anyone else had this problem?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * Re: [Fail2ban-users] IP Address instead of Server Name - Change it
Back.
*From: * Wayne Sallee
*To: * Fail2ban-users
*CC: *
*Date
I was forced to downgrade to Fail2ban v0.9.6
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * Re: [Fail2ban-users] IP Address instead of Server Name - Change it
Back.
*From: * Wayne Sallee
*To: * Fail2ban-users
*CC
The server that is right, has debian package version 0.10.2-2
The server that is giving the IP, has version 0.10.2-2.1
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * [Fail2ban-users] IP Address instead of Server Name - Change it
Fail2Ban is now putting the IP address in the e-mail subject, instead of the
Server Name.
How do we change it back?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
___
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
And now it's doing it with ban e-mails. What's going on?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * [Fail2ban-users] [Fail2Ban] apache-auth: stopped on (IP Address
instead of ServerName)
*From: * Wayne S
And does "|sendername =" not work anymore?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
|
Original Message
*Subject: * [Fail2ban-users] [Fail2Ban] apache-auth: stopped on (IP Address
instead of ServerName)
*From: * Wayne Sallee
*To: *
On one of my servers, fail2ban is now sending e-mails of stopping and starting jails, but instead of giving the server
name, it gives the server IP address. Is this something that changed in an update?
I would much prefer server name.
Wayne Sallee
wa...@waynesallee.com
http
Interesting.
I decided to check out your website, so I went to rohms.com, but there is
nothing there.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * [Fail2ban-users] Fwd: Re: When to decide that fail2ban is not a
good solution
ail2ban to add
this to the e-mail, it just makes sense.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
___
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
Original Message
*Subject: * Re: [Fail2ban-users] No failure-id group in
*From: * Wayne Sallee
*To: * Fail2ban-users
*CC: *
*Date: * 2019-9-22 09:01 AM
Still no answer?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original
Still no answer?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * [Fail2ban-users] dovecot-pop3imap error: ERROR No failure-id group
in '(?: pop3-login|imap-login)
*From: * Robert Kudyba
*To: * Fail2ban-users
Still no answer?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * [Fail2ban-users] No failure-id group in
*From: * Wayne Sallee
*To: * Fail2ban-users
*CC: *
*Date: * 2019-8-15 01:19 PM
What does the following
/var/broadworks/logs/apache/access_log
[custom-web-filter]
enabled = true
port = http,https
logpath = /var/broadworks/logs/apache/access_log
maxretry = 2
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
___
Fail2ban-users mailing
ilregex = (:80|:443) .*(?:)
ignoreregex =
EOF
#***
In the "badbots =" add things that the hackers are requesting.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * Re: [Fail2ban-users] jail.local not triggered
*From: * Che
0
`- Banned IP list:
Any ideas?
You have maxretry set to 50.
That means it will have to happen at least 50 times.
Try changing it to 1, and see what happens.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
___
Fail2ban
s.com>>
wrote:
At 07:25 AM 8/28/2019, Wayne Sallee wrote:
> Original MessageÂ
>*Subject:Â *Â Â Re: [Fail2ban-users] maxretry maxfailures What's the deal
??
>*From:Â *Â Â Â Â Â Dominic Raferd mailto:domi...@timedicer.co.uk>>
>*To:Â
Thanks for not answering my simple question.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
___
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
So is one for an old version, and the other for the newer version?
If so, which one is depreciated?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * Re: [Fail2ban-users] maxretry maxfailures What's the deal ??
*From: * Do
ls /etc/fail2ban/filter.d
and see if your jail is really there, and if so,
cat /etc/fail2ban/filter.d/sshd.conf
to see if it has bad code in it.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * Re: [Fail2ban-users] bans not working
You can restart just one jail instead of restarting all of fail2ban.
fail2ban-client reload sshd
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * [Fail2ban-users] error using ban
*From: * Mike
*To: * Fail2ban-users
*CC
So what is the deal?
Should we use maxretry or maxfailures, or both?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * Re: [Fail2ban-users] maxretry maxfailures What's the deal ??
*From: * Mike
*To: * Fail2ban-users
You probably should change your findtime to days, rather than hours.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * [Fail2ban-users] error using ban
*From: * Mike
*To: * Fail2ban-users
*CC: *
*Date: * 2019-8-23
If you want to participate in this mailing list, just send e-mail questions and replies to this list like you did in
this e-mail.
I assume that you subscribed at
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
Wayne Sallee
wa...@waynesallee.com
Original Message
ch is what I want to avoid.
I have been able to use fail2ban-client reload without it unbanning, rebanning.
It works great. It reloads the configs, and continues on with the new config
settings.
Wayne Sallee
wa...@waynesallee.com
http://www.Wayne
irect, and they get banned after a couple
attempts of anything.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * Re: [Fail2ban-users] which jail to enable for crawlers looking for
CMS vulnerabilities
*From: * Wayne Sallee
n]
failregex = (:80|:443) .*(?:)
ignoreregex =
EOF
#***
Wayne Sallee
wa...@waynesallee.com
Original Message
*Subject: * [Fail2ban-u
Well it worked again.
Maybe it needs a sleep time:
This works:
fail2ban-client get dbfile
service fail2ban stop
# rm the database
service fail2ban start
sleep 60
fail2ban-client stop; fail2ban-client start
Wayne Sallee
Well that seemed to work only
once.
Wayne Sallee
wa...@waynesallee.com
Original Message
*Subject: * Re: [Fail2ban-users] Tell Fail2Ban reassess log files
new config
*From: * Wayne Sallee
*To
This works:
fail2ban-client get dbfile
service fail2ban stop
# rm the database
service fail2ban start
fail2ban-client stop; fail2ban-client start
Wayne Sallee
wa...@waynesallee.com
Original
How do you tell Fail2Ban to go back and reassess the log files with the new config file, and ban all those that did not
get banned?
Wayne Sallee
wa...@waynesallee.com
___
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https
What does the following cryptic message mean?
No failure-id group in
Wayne Sallee
wa...@waynesallee.com
___
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
failregex =
What would this need to be to make fail2ban, ban everything?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
___
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo
I use:
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O %I \"%{Referer}i\"
\"%{User-agent}i\""
Wayne Sallee
wa...@waynesallee.com
Original Message
*Subject: * Re: [Fai
rrent fail2ban manual has "maxretry" and not "maxfailures".
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
___
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
Did you restart fail2ban?
Any errors given by fail2ban?
Does it end the bans at a consitant time?
According to your previous e-mail you have bantime set to 4.9 days.
(bantime = 423360)
Wayne Sallee
wa...@waynesallee.com
http
Is your biggest problem with ssh?
Did you not disable port 22, and use a different port?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
*Subject: * [Fail2ban-users
Here is the method I use:
http://www.WayneSallee.com/downloads/Automated-Server-Setup.txt
scroll down to the fail2ban part.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
Original Message
tever code that you want that bots are using
to try to break wp.
Also another way to add security your website, is to move all your admin loggins to a different folder that the bots
won't find.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
On 10/25/2018 09:36 PM, Mike
gs to be safe.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
On 08/29/2018 11:48 AM, busin...@theherbsplace.com wrote:
I am on a Linux 2 Amazon AMI with PHP 7.2 running Apache 2.4 and Python 2.7.14. Currently, I am on an old version
0.8.14. The s/w isn’t working correctly an
What operating system are you using?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
On 08/29/2018 11:48 AM, busin...@theherbsplace.com wrote:
I am on a Linux 2 Amazon AMI with PHP 7.2 running Apache 2.4 and Python 2.7.14. Currently, I am on an old version
0.8.14. The s/w
You have a very old version of fail2ban I have found 0.10.2-2 to be more stable. There are newer versions than this as
well, but 0.10.2-2 is what I have decided to stick with for now. fail2ban is definitely beta.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
On 08/28/2018 03:54
Maybe it's finding it in firewall logs?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
On 08/24/2018 02:48 PM, James Moe via Fail2ban-users wrote:
fail2ban v0.10.3
linux 4.12.14-lp150.12.7-default x86_64
I do not understand what the entries below are telling me.
If t
Using a ping test website works good for testing fail2ban.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
On 08/16/2018 11:23 AM, Wayne Sallee wrote:
That works!
Thanks!
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
On 08/16/2018 11:14 AM, Wayne Sallee wrote
That works!
Thanks!
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
On 08/16/2018 11:14 AM, Wayne Sallee wrote:
er.. beta :-)
I used to be heavy into fish, and also had an aquarium store for 4 years, and
sold lots of bettas.
This seems to work better:
(:80|:443
.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
On 08/16/2018 10:57 AM, Wayne Sallee wrote:
That looks good.
But:
fail2ban-regex /var/log/appache2/access.log ":(80|443) .*BanMePlease "
--print-all-matched
Running tests
=
Use failregex line
quot;No 'host' group in '%s'" % self._regex)
fail2ban.server.failregex.RegexException: No 'host' group in ':(80|443)
.*BanMePlease '
fail2ban is definitely betta.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
On 08/16/2018 10:43 AM, Ni
Or something like the following?
^*?:(80|443) .*BanMePlease
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
On 08/16/2018 09:17 AM, Nick Howitt wrote:
^(domain1|domain2|domain3):(80|443) .*BanMePlease but remember to escape the
"." in the domain name.
On 16/08/2018 14
Didn't work. It could not find the IP
Then I tried
^.*?
and it was back to looking up my IP address.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
On 08/15/2018 05:57 PM, Wayne Sallee wrote:
I did not see your second suggestion. I'll try that.
Wayne
I did not see your second suggestion. I'll try that.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
On 08/15/2018 05:47 PM, Wayne Sallee wrote:
Thanks,
I can't use that, as I have several domains.
Also "80" can't be used, as sometimes i
Thanks,
I can't use that, as I have several domains.
Also "80" can't be used, as sometimes it's 443.
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
On 08/15/2018 03:33 PM, Tony Collins wrote:
I think if you put this it should work:
^waynesallee.com:8
fail2ban is expecting the first entry to be the ip address of the bot, but the bot's ip address comes after the domain
name visited.
So what to I need to do to the filter to fix this?
Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com
On 08/15/2018 03:21 PM, Wayne Sallee
1 - 100 of 127 matches
Mail list logo
