Re: [qmailtoaster] Re: SMTP attack

2011-03-08 Thread Digital Instruments
Nice, that's great! :) Just a little question: I don't get this HOST (I've also read the wiki but it's not clear) can you do an example, please? Thanks, Cheers! On 05/03/2011 23:26, Sergio M wrote: Eric Shubert wrote: Timing is good on this. :)

Re: [qmailtoaster] Re: SMTP attack

2011-03-08 Thread Peter Peterse
HOST is an alias for a regular expression to find the ip address. Which is defined in the code. Succes, Peter. Nice, that's great! :) Just a little question: I don't get this HOST (I've also read the wiki but it's not clear) can you do an example, please? Thanks, Cheers! Il

Re: [qmailtoaster] Re: SMTP attack

2011-03-08 Thread Finn Buhelt (kirstineslund)
Hi. HOST matches either the Ip address or the hostname Cheers Finn On 08-03-2011 09:04, Digital Instruments wrote: Nice, that's great! :) Just a little question: I don't get this HOST (I've also read the wiki but it's not clear) can you do an example, please? Thanks, Cheers! Il

Re: [qmailtoaster] Re: SMTP attack

2011-03-08 Thread Pak Ogah
On 07-Mar-11 21:49, Eric Shubert wrote: Great job, Pak. Thanks, Toma. Pak, will you get this incorporated into the wiki? TIA. Ok Eric, it's done but since I just copy-paste as is and re-formatting, I didn't know what that fail2ban meaning (I haven't tried it also) but, I saw something weird. So

Re: [qmailtoaster] Re: SMTP attack

2011-03-08 Thread Toma Bogdan
On 3/8/2011 11:18 AM, Pak Ogah wrote: On 07-Mar-11 21:49, Eric Shubert wrote: Great job, Pak. Thanks, Toma. Pak, will you get this incorporated into the wiki? TIA. Ok Eric, it's done but since I just copy-paste as is and re-formatting, I didn't know what that fail2ban meaning (I haven't tried

Re: Re: [qmailtoaster] Re: SMTP attack

2011-03-08 Thread Sergio M
Pak Ogah wrote: On 07-Mar-11 21:49, Eric Shubert wrote: Great job, Pak. Thanks, Toma. Pak, will you get this incorporated into the wiki? TIA. Ok Eric, it's done but since I just copy-paste as is and re-formatting, I didn't know what

Re: [qmailtoaster] Re: SMTP attack

2011-03-08 Thread Pak Ogah
okay thank you for your explanation On 08-Mar-11 19:43, Toma Bogdan wrote: Hello, If your system has shorewall as firewall solution management we get 'action' statement from /etc/fail2ban/jail.conf --- [qmail-pop3] enable = true filter = qmail-pop3 action = shorewall

Re: [qmailtoaster] Re: SMTP attack

2011-03-07 Thread Pak Ogah
Okay, done, prettified with some minor changes http://wiki.qmailtoaster.com/index.php/Fail2Ban On 06-Mar-11 5:26, Sergio M wrote: Eric Shubert wrote: Timing is good on this. :) http://wiki.qmailtoaster.com/index.php?title=Fail2Banaction=edit Have at it. I've added a link to this page under

Re: [qmailtoaster] Re: SMTP attack

2011-03-07 Thread Toma Bogdan
Used on Centos 5.5 /etc/fail2ban/filter.d/qmail-pop3.conf --- start cut -- [Definition] # Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named host. The tag HOST can # be used for standard

[qmailtoaster] Re: SMTP attack

2011-03-07 Thread Eric Shubert
Great job, Pak. Thanks, Toma. Pak, will you get this incorporated into the wiki? TIA. -- -Eric 'shubes' On 03/07/2011 02:37 AM, Toma Bogdan wrote: Used on Centos 5.5 /etc/fail2ban/filter.d/qmail-pop3.conf --- start cut -- [Definition] # Option: failregex # Notes.: regex to match the

Re: [qmailtoaster] Re: SMTP attack

2011-03-06 Thread Pak Ogah
I'll try to prettify it for you :D On 06-Mar-11 5:26, Sergio M wrote: Eric Shubert wrote: Timing is good on this. :) http://wiki.qmailtoaster.com/index.php?title=Fail2Banaction=edit Have at it. I've added a link to this page under the Configuration- Security section. It's a start (albeit

Re: [qmailtoaster] Re: SMTP attack

2011-03-05 Thread Sergio M
Eric Shubert wrote: Timing is good on this. :) http://wiki.qmailtoaster.com/index.php?title=Fail2Banaction=edit Have at it. I've added a link to this page under the Configuration- Security section. It's a start (albeit not much of one). Hey guys, I created a basic article,

[qmailtoaster] Re: SMTP attack

2011-03-04 Thread Eric Shubert
Thanks, David. FWIW, I agree with what you're saying. Most are just script kiddies, and lack any substantial skills. If they had greater skills, I would hope that they'd be doing something more constructive. -- -Eric 'shubes' On 03/03/2011 08:31 PM, David Milholen wrote: Eric, I'll see what

Re: [qmailtoaster] Re: SMTP attack

2011-03-04 Thread Sergio M
Eric Shubert wrote: Timing is good on this. :) http://wiki.qmailtoaster.com/index.php?title=Fail2Banaction=edit Have at it. I've added a link to this page under the Configuration- Security section. It's a start (albeit not much of one). I wrote some basic stuff, but it needs proper wiki

[qmailtoaster] Re: SMTP attack

2011-03-03 Thread Eric Shubert
David, Thanks, David. BTW, can you find a few moments to get a wiki page for fail2ban started? Even if it's just a rough outline along with your configuration, that would be helpful. I'm sure others can add more details once something's there to work with. TIA. -- -Eric 'shubes' Thanks,

Re: [qmailtoaster] Re: SMTP attack

2011-03-03 Thread Digital Instruments
On 03/02/2011 09:08 PM, David Milholen wrote: +1000 on this solution. It works for me. I also have a honeypot that these ips get thrown into and trapped after so many attempts. Stupid Hackers LOL:) --Dave rofl, I doubt you will ever call a hacker stupid. Prolly they are just kids having fun.

Re: [qmailtoaster] Re: SMTP attack

2011-03-03 Thread Nigel Reed
on logging pop3 failures!) - Original Message From: Eric Shubert e...@shubes.net To: qmailtoaster-list@qmailtoaster.com Sent: Thu, March 3, 2011 8:28:57 AM Subject: [qmailtoaster] Re: SMTP attack David, Thanks, David. BTW, can you find a few moments to get a wiki page for fail2ban

[qmailtoaster] Re: SMTP attack

2011-03-03 Thread Eric Shubert
failures!) - Original Message From: Eric Shubert e...@shubes.net To: qmailtoaster-list@qmailtoaster.com Sent: Thu, March 3, 2011 8:28:57 AM Subject: [qmailtoaster] Re: SMTP attack David, Thanks, David. BTW, can you find a few moments to get a wiki page for fail2ban started? Even

Re: [qmailtoaster] Re: SMTP attack

2011-03-03 Thread Nigel Reed
AM Subject: [qmailtoaster] Re: SMTP attack Timing is good on this. :) http://wiki.qmailtoaster.com/index.php?title=Fail2Banaction=edit Have at it. I've added a link to this page under the Configuration- Security section. It's a start (albeit not much of one). -- -Eric 'shubes' On 03/03/2011

Re: [qmailtoaster] Re: SMTP attack

2011-03-03 Thread David Milholen
Eric, I'll see what I can do. I'll review my old notes on adding it to my system and what kind of config I used to have success. I will also list the script that has the trigger for a honeypot server. Yes, Hackers are stupid because they are not using their talent for

Re: [qmailtoaster] Re: SMTP attack

2011-03-02 Thread Finn Buhelt (kirstineslund)
Hi all. I installed and am using fail2ban after Eric wrote about it a long time ago. It works perfectly and is doing a nice job blocking different attempts on my server. (Iptables drop ip) I am using dovecot and am having fail2ban checking the dovecot log for bad password attempts (amongst

Re: [qmailtoaster] Re: SMTP attack

2011-03-02 Thread Jim Shupert
A page on the wiki sounds like a hero of a thing. I know that I would like some wisdom on how to implement fail2ban with my qmailtoaster On 3/1/2011 9:40 PM, Eric Shubert wrote: If CJ got it working, then I expect that just about anyone can do it. ;) JK CJ. Would you care to create a page

Re: [qmailtoaster] Re: SMTP attack

2011-03-02 Thread Gustavo De Poli
Eric: hi, sorry I'm new here (beginner), what do you think about DENYHOST? Instead of fail2ban I use DENYHOST as a service and it works well. Gustavo 2011/3/1 Eric Shubert e...@shubes.net Yes, but the attacks appear to be coming from a variety of addresses. fail2ban will do essentially

[qmailtoaster] Re: SMTP attack

2011-03-02 Thread Eric Shubert
Hey Gustavo. I don't know about it, so I have no opinion. Please post a link to more info. Thanks. If someone else has some thoughts on this, please chime in. -- -Eric 'shubes' On 03/02/2011 10:49 AM, Gustavo De Poli wrote: Eric: hi, sorry I'm new here (beginner), what do you think

Re: [qmailtoaster] Re: SMTP attack

2011-03-02 Thread Carlos Herrera Polo
DENYHOST works only for SSHD . 2011/3/2 Eric Shubert e...@shubes.net Hey Gustavo. I don't know about it, so I have no opinion. Please post a link to more info. Thanks. If someone else has some thoughts on this, please chime in. -- -Eric 'shubes' On 03/02/2011 10:49 AM, Gustavo

Re: [qmailtoaster] Re: SMTP attack

2011-03-02 Thread David Milholen
+1000 on this solution. It works for me. I also have a honeypot that these ips get thrown into and trapped after so many attempts. Stupid Hackers LOL:) --Dave On 3/1/2011 7:24 PM, Eric Shubert wrote: Yes, but the attacks appear to be coming from a

[qmailtoaster] Re: SMTP attack

2011-03-01 Thread Eric Shubert
Sergio, .) Be sure you're running the latest spamdyke (4.2.0). 4.1.x versions had a bug where rejected sessions would not terminate immediately, causing excessive idle smtp sessions (and ultimately TIMEOUTs). That may not be affecting you, but you should check to be sure. Run

[qmailtoaster] Re: SMTP attack

2011-03-01 Thread Eric Shubert
Yes, but the attacks appear to be coming from a variety of addresses. fail2ban will do essentially this automatically and for whatever addresses attacks may come from. fail2ban is much better solution imo. -- -Eric 'shubes' On 03/01/2011 06:14 PM, Tony White wrote: Try this at the command

Re: [qmailtoaster] Re: SMTP attack

2011-03-01 Thread Tony White
Agreed Eric, but this is a VERY quick simple fix when the thing starts! On 02/03/2011 12:24 PM, Eric Shubert wrote: Yes, but the attacks appear to be coming from a variety of addresses. fail2ban will do essentially this automatically and for whatever addresses attacks may come from. fail2ban

Re: [qmailtoaster] Re: SMTP attack

2011-03-01 Thread Sergio M
Eric Shubert wrote: Sergio, .) Be sure you're running the latest spamdyke (4.2.0). 4.1.x versions had a bug where rejected sessions would not terminate immediately, causing excessive idle smtp sessions (and ultimately TIMEOUTs). That may not be affecting you, but you should check to be

Re: [qmailtoaster] Re: SMTP attack

2011-03-01 Thread Tony White
Eric, Do you have Fail2Ban working with the qmail logs? On 02/03/2011 12:24 PM, Eric Shubert wrote: Yes, but the attacks appear to be coming from a variety of addresses. fail2ban will do essentially this automatically and for whatever addresses attacks may come from. fail2ban is much better

Re: [qmailtoaster] Re: SMTP attack

2011-03-01 Thread Sergio M
I think he said he is not a user yet, but I am looking at: http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg23951.html Tony White wrote: Eric, Do you have Fail2Ban working with the qmail logs? On 02/03/2011 12:24 PM, Eric Shubert wrote: Yes, but the attacks appear to be

[qmailtoaster] Re: SMTP attack

2011-03-01 Thread Eric Shubert
I don't think so. The hacker is trying to authenticate, and failing. Greylisting would prohibit mail from being received, but the problem occurs before an email is transmitted. Thanks for the suggestion though. -- -Eric 'shubes' On 03/01/2011 06:38 PM, Carlos Herrera Polo wrote: Greylisting

[qmailtoaster] Re: SMTP attack

2011-03-01 Thread Eric Shubert
True enough. Can be a quick and dirty (temporary) fix. -- -Eric 'shubes' On 03/01/2011 06:44 PM, Tony White wrote: Agreed Eric, but this is a VERY quick simple fix when the thing starts! On 02/03/2011 12:24 PM, Eric Shubert wrote: Yes, but the attacks appear to be coming from a variety of

[qmailtoaster] Re: SMTP attack

2011-03-01 Thread Eric Shubert
If CJ got it working, then I expect that just about anyone can do it. ;) JK CJ. Would you care to create a page on the wiki for this? -- -Eric 'shubes' On 03/01/2011 06:58 PM, Cecil Yother, Jr. wrote: Tony, Does this append the existing iptable with the offending IP? I use fail2ban and it

[qmailtoaster] Re: SMTP attack

2011-03-01 Thread Eric Shubert
I haven't implemented Fail2Ban yet. Been meaning to, but haven't had the need. I believe others on this list have though. -- -Eric 'shubes' On 03/01/2011 06:52 PM, Tony White wrote: Eric, Do you have Fail2Ban working with the qmail logs? On 02/03/2011 12:24 PM, Eric Shubert wrote: Yes, but

Re: [qmailtoaster] Re: SMTP attack

2011-03-01 Thread Maxwell Smart
I actually use OSSECHIDS for this type of attack. I use fail2ban for ftp and ssh. Ole is the chap that knows fail2ban for Qmail. You can install it now using yum install fail2ban instead of compiling. On 03/01/2011 06:40 PM, Eric Shubert wrote: If CJ got it working, then I expect that just

Re: [qmailtoaster] Re: SMTP attack

2011-03-01 Thread Tony White
Trouble is Fail2Ban requires the shorewall firewall! At least if you use the rpm's. On 02/03/2011 3:58 PM, Maxwell Smart wrote: I actually use OSSECHIDS for this type of attack. I use fail2ban for ftp and ssh. Ole is the chap that knows fail2ban for Qmail. You can install it now using yum