search for: 1q2w3e

...HOST>,.+\): invalid credentials >> \(given password: 123321\) >> auth: Info: ldap\(.+,<HOST>,.+\): invalid credentials >> \(given password: 1234567890\) >> auth: Info: ldap\(.+,<HOST>,.+\): invalid credentials >> \(given password: 1q2w3e4r.+\) > > It's still reactive, and not pro-active. > > All the other suggestions are very much appreciated, including > weakforced, however implementing that is a much larger project. i dont understand why you focused on that ldap strings fail2ban should trigger on some "...

...regex in the > related syslog > > perhaps this will help to make it more clear > > http://www.stefan-seelmann.de/wiki/fail2ban#postfix-and-dovecot Yes, but I have that as well. :-) I wanted two kinds of blockings: #1: Everybody trying the well-known passwords (password, 123321, 1q2w3e, etc, etc) to become blocked *immediately* and for *always*. #2: I wanted all others have to have the 'regular' settings, with three shots at typing a password, etc. #2 being the 'regular fail2ban' settings, but during this attack, I wanted special settings, #1, for anyone tryi...

...gt;> perhaps this will help to make it more clear >> >> http://www.stefan-seelmann.de/wiki/fail2ban#postfix-and-dovecot > > Yes, but I have that as well. :-) > > I wanted two kinds of blockings: > > #1: Everybody trying the well-known passwords (password, 123321, 1q2w3e, > etc, etc) to become blocked *immediately* and for *always*. > > #2: I wanted all others have to have the 'regular' settings, with three > shots at typing a password, etc. > > #2 being the 'regular fail2ban' settings, but during this attack, I > wanted speci...

...s this one bot went to. 58.53.192.47: 8002 times test/password: 48 times user/password: 45 times fax/password: 43 times www/password: 34 times info/password: 27 times /password: 24 times bill/password: 24 times httpd/password: 23 times 1q2w3e/password: 21 times admin/password: 21 times andrew/password: 20 times guest/password: 20 times michael/password: 19 times paul/password: 19 times webmaster/password: 19 times 0m0n0b0v/password: 18 times 1z2x3c4v/password: 18 times cvs/p...