Hi Christophe - I might be missing something here, but I cannot see an
'action' defined for the SSH rule
Tony Collins
On 31 May 2016 at 14:57, Christophe Millon
wrote:
> sorry, the configuration file is sshd.conf, and it matches the right
> addresses, here is the test:
>
ath in your jail conf, so unless you've got some other program that's
doing something with the log file, I guess that can't be the problem. It's
worth mentioning in case it sparks an idea.
Tony Collins
On 27 August 2017 at 15:08, chaouche yacine via Fail2ban-users <
f
files are
monitored/backed up/rotated/saved.
Once you've increased the logging level, hopefully we will have a much
clearer picture of what's happening.
I'm not sure if I'm sending this to the right address - I got two copies of
your reply, so I hope I'm sending it to the rig
" lines in fail2ban.log, check
syslog/rsyslog conf files just in case there's a line there directing
fail2ban.filter/fail2ban.info to /var/log/messages or somewhere else. 4)
Actually you could always grep --exclude-from=/var/log/fail2ban.log fail2ban.filter /var/log/* and see if th
eshooting steps that leads to finding out the right thing to do.
I'm gonna look into the other bits of software you mentioned. F2b is pretty
heavy on my system.
All the best :-)
-tony
Tony Collins
On 4 September 2017 at 15:30, chaouche yacine via Fail2ban-users <
fail2ban-users@lists.s
ust as if the IP address was blocked. You don't need to
simulate the actual iptables/ipset/firewall-cmd action, all you need to do
is see if it would've been "banned".
I hope I've been clear here!
Tony Collins
On 9 October 2017 at 07:59, Dominic Raferd wrote:
>
-all-missed to print all
> 657 lines
>
> --
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http:/
the
other 657 lines, we need to see the "missed" lines.
To do that, please run the fail2ban-regex command again but add this to the
end: --print-all-missed
Then copy 100 of them into your reply so we can examine them.
Tony Collins
On 16 October 2017 at 04:16, A wrote:
> Thank
show us your sshd.conf file please? There shouldn't be anything
'identifiable' in there, so you're safe to send it here. We can take a look
and see if there *should* be more "ignored" lines according to your conf.
If you've got things in there already, then it might be
I can't see any hijacking - the contents match the subject line ("Reporting
to badips.com and blocklist.de at same time"), unless I'm missing an email
somewhere.
Tony Collins
On 18 October 2017 at 19:09, Bill Shirley
wrote:
> Do not hijack a thread. Start your own threa
've done, it's worth trying with different combinations in case the
instructions were literal).
I'm not saying this will definitely make it work - but it is essential that
you have this defined, because your [ssh] section is asking for it to be
there.
Tony Collins
On 25 Octob
for unblocking,
because f2b 0.11.x manages ban times so much more effectively and
logically. F2b has always managed bans and unbans pretty well, but there's
been some really excellent polish applied to recent versions.
Tony Collins
RMT Tier 1 Health & Safety Representative
Edgware Road Train
e vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> ___
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
--
-- Tony Collins
---
ða skaltu í stein höggva, hið illa í snjó rita.
>
> --
>
> *From: *"Tony Collins"
> *To: *"Fail2ban Users"
> *Sent: *Saturday, 17 March, 2018 18:02:18
> *Subject: *Re: [Fail2ban-users] Incremental ban time?
>
> That's a built-in feature of the 0.11 develop
ry configurable, but now we have
an ability to generate longer and longer ban times, so Fail2Ban really
feels even more useful.
Tony
On Fri, 30 Mar 2018 at 11:31, Palvelin Postmaster via Fail2ban-users <
fail2ban-users@lists.sourceforge.net> wrote:
>
>
> > On 15 Mar 2018, at 12:
ers 28-03-2018 14 days, 12-04-2018 03:07:17)
*Previous bans*
16-03-2018 15:50:21 [crawlers] Ban
16-03-2018 17:50:20 [crawlers] Unban
17-03-2018 14:16:50 [crawlers] Ban
19-03-2018 20:06:08 [crawlers] Unban
24-03-2018 21:25:22 [crawlers] Ban
08-04-2018 14:24:25 [crawlers] Unban
10-04-2018 04:46:49
I'm just learning how to use regexes, and I created this one to cover all
the different flavours of the "Jorgee" script that tries to access your
phpmyadmin files.
I didn't base it on HTTP response codes because some of them come up as
200, some as 301/302 depending on exactly what is asked for,
--
-- Tony Collins
--
ilter).
You don't necessarily need that variable - if your jail reliably,
consistently bans the right attackers, without leaving any attackers
unbanned and without banning any innocent ones, then it's fine to just use
the one that works for you.
Tony Collins
The irony is that you're gonna have to use fail2ban to block all of us!
Tony Collins
RMT Tier 1 Health & Safety Representative
Edgware Road Traincrew Depot
07949 228324
On 30 May 2018 at 21:19, Mike wrote:
> keep trying to unsubscribe and it won't work...
>
> who is
I know this is an obvious thing to check, but did you set up a mail
redirect ages ago that you've forgotten about?
Tony Collins
On 30 May 2018 at 21:39, Mike wrote:
>
>
> I go through that
I honestly don't know why some of these don't work. It's frustrating.
But if you've found a way to make it work, that's good enough :-) :-)
Tony Collins
On 30 May 2018 at 21:32,
op3,pop3s -j
> f2b-postfix-sasl\n -F f2b-postfix-sasl\n -X
> f2b-postfix-sasl'], ['actionflush', ' -F f2b-postfix-sasl'],
> ['actioncheck', " -n -L INPUT | grep -q 'f2b-postfix-sasl[
> \\t]'"], ['actionban', ' -I f2b-postfix-s
> [DEFAULT]
> logtimezone = UTC
>
> Tony Collins wrote on 2018-06-04 15:44:
> > Notice the time in the log - at 12:19, an entry for 5.101.40.66 was
> > found in the log at "09:19". It's banned from 09:19 for 60 minutes,
> > meaning it was due to be unbanned
in my 'sendmail' action - my f2b
emails always show everything that the banned IP address has done on my
system in the last 12 months. That's different to what you're talking
about, obviously, but I've written a script that gives me very detailed
emails every time an IP address
cipher|key exchange method)%(__suff)s$
mdre-aggressive = %(mdre-ddos)s
%(mdre-extra)s
Tony Collins
On 8 July 2018 at 07:59, Gregory Schultz wrote:
> Hello,
>
> I’
og/plesk/httpsd_access_log.processed
/var/log/plesk/httpsd_access_log.processed.1
Note the two different ways of adding more than one log file - either
separated with a semi-colon ---> ; <--- or, separated with a newline.
Tony Collins
all-matched
Just replace logfile.log with the filename that has the offending log line
in it
Tony Collins
On 10 August 2018 at 18:01, Mauricio Tavares wrote:
> On Fri, Aug 10, 2018 at 12:49 PM, W
es, things we KNOW
we should've tidied up years ago but never got around to :-)
If you haven't set up a jail.local file and you're configuring everything
in jail.conf, now would be a good time to start. Every time there's an
update to fail2ban, it will wipe your config. It'
p://www.WayneSallee.com
>
> On 08/10/2018 11:59 AM, Tony Collins wrote:
>
> [plesk]
> enabled = false
> action = %(ipset-action)s[name=%(__name__)s, bantime="%(bantime)s",
> port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
>
ired?
>
> Wayne Sallee
> wa...@waynesallee.com
> http://www.WayneSallee.com
>
> On 08/10/2018 01:15 PM, Tony Collins wrote:
>
> The failregex I just gave you will work for it - you can test it like this:
>
> fail2ban-regex logfile.log ".*JDatabaseDriverMysql"
rote:
>
>> Your example will never error, as you have "enable = false".
>>
>> Wayne Sallee
>> wa...@waynesallee.com
>> http://www.WayneSallee.com
>>
>> On 08/10/2018 11:59 AM, Tony Collins wrote:
>>
>> [plesk]
>> enabled = false
>>
the answer.
>
> Thanks!
>
> Wayne Sallee
> wa...@waynesallee.com
> http://www.WayneSallee.com
>
> On 08/10/2018 01:41 PM, Tony Collins wrote:
>
> Because the IP address of the computer that's "attacking" you is the most
> vital piece of information. So, when fail2ban
ue
> port = http,https
> logpath = /var/log/apache2/error.log
> maxretry = 2
>
> And this will not error:
>
> [apache-overflows]
> enabled = true
> port = http,https
> logpath = /var/log/apache2/error2.log
> maxretry = 2
>
>
> /var/log/apache2/error2.lo
>
> Wayne Sallee
> wa...@waynesallee.com
> http://www.WayneSallee.com
>
> On 08/10/2018 02:43 PM, Tony Collins wrote:
>
> Thank you for the information.
>
> Ok, I think you mentioned that the semi-colon doesn't work either. But I'd
> like to check.
>
> Can you tell me i
ee.com
> http://www.WayneSallee.com
>
> On 08/10/2018 03:03 PM, Wayne Sallee wrote:
>
> I already tried both methods, and even tried spaces after the line.
> Maybe I got a buggy version of Fail2Ban.
>
> Wayne Sallee
> wa...@waynesallee.com
> http://www.WayneSallee.com
>
/var/log/apache2/error5.log
> maxretry = 2
>
> EOF
>
>
>
>
> Something like that. :-)
>
> Wayne Sallee
> wa...@waynesallee.com
> http://www.WayneSallee.com
>
>
> On 08/10/2018 03:15 PM, Tony Collins wrote:
>
> It would be so helpful if we could see your con
***
> >
> > What's the best way to set Fail2Ban to ban this kind of thing?
> >
> > [apache-overflows] ignores it.
> >
> If you know you will never use "feed_url" in a query, why not look
> for it?
> >
> > Wayn
he-overflows]
> enabled = true
> port = http,https
> logpath = /var/log/apache2/error.log
> /var/log/apache2/error1.log
> /var/log/apache2/error5.log
> maxretry = 2
>
> EOF
>
>
>
>
> Something like that. :-)
>
> Wayne Sallee
> wa...@waynesa
>
>
>
> ------
It seems to put a line break in on my phone screen - in the examples I
gave, it's all on the same line
On Wed, 15 Aug 2018 at 20:33, Tony Collins wrote:
> I think if you put this it should work:
>
> ^waynesallee.com:80 .*BanMePleass
>
> If the literal text doesn't work
>
>
> ------
I think that's the virtual memory size - the real memory is 0.2% of your
RAM total, about 16mb. IIRC, ulimit -s doesn't apply to virtual memory.
On Mon, 15 Oct 2018 at 12:12, r fancher via Fail2ban-users <
fail2ban-users@lists.sourceforge.net> wrote:
>
>
> I have added ulimit -s 256 to the en
to get the output you posted in
your first message?
On Mon, 15 Oct 2018 at 13:46, r fancher wrote:
> I am showing 1.2 gigs real memory. Currently showing 0 being used in
> virtual memory.
>
>
> ------
> *From:* Tony Collins
> *To:* Fail2ban User
> top of the list.
>
>
> ------
> *From:* Tony Collins
> *To:* Fail2ban Users
> *Sent:* Monday, October 15, 2018 7:24 AM
>
> *Subject:* Re: [Fail2ban-users] Lowering the memory usage
>
> I want to check here - in your original post when you