search for: ban

Hi, We are using CTDB version 1.0.77 and yesterday we saw an instance of node running into issues and banning itself to recover (as listed below): node1: 2009/07/29 23:23:37.748251 [22371]: Banning node 0 for 300 seconds 2009/07/29 23:23:37.748263 [22371]: self ban - lowering our election priority 2009/07/29 23:23:37.748503 [22275]: This node has been banned - forcing freeze and recovery Now other no...

...ochey wrote: > > On 02/08/2019 19:38, Jon LaBadie wrote: > > On Fri, Aug 02, 2019 at 10:19:49AM -0400, mark wrote: > > > Fred Smith wrote: > > > > On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote: > > > <MVNCH> > > I've been using fail2ban for some time, I have a number of ports open to the > Internet - SSH, SMTP, IMAPS, HTTP and HTTPS on my external subnet. > > This thread made me look at how fail2ban was doing, and I noticed that it > wasn't particularly working too well for SSH, as I have turned off password >...

On Friday 19 April 2019 15:19:26 Pete Biggs wrote: > > I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested > > on another page: > > The standard exim.conf already has a 535 filter. Was that not working > for you? I was following the instructions as shown on the page. I did find after sending my post that there was already a regex in the standard file, so...

On 05/08/2019 09:18, Pete Biggs wrote: >> I've found the default 10min bans hardly bother some attackers. >> So I've added the "recidive" feature of fail2ban. After the >> second 10min ban, the attacker is blocked for 1 week. >> > Oh definitely. My systems are set to "3 bans and you're out" - a > recidive ban is permane...

Why are you replacing known spammers with these "banned" strings ? This forbids anti-spam filters & programs to do their jobs properly.

I've followed one of the pages on line specifically for installing fail2ban on Centos 7 and all looks fine. I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested on another page: \[<HOST>\]: 535 Incorrect authentication data which appears to be successfully matchnig lines in /var/log/exim/mail.log such as 2019-04-19 13:06:10 dovec...

Incident Information:- Originator: "G Lalithambika"<lalithambika@mumbai.tcs.co.in> Recipients: samba@samba.org Subject: FOCHAP06 WARNING: The file FOCHAP06.DOC.pif you received was infected with the W32/SirCam@MM virus. The file attachment was not successfully cleaned.

man_in_shack banned me during a casual conversation where i was explaining my dual x server wine setup, saying I was contradicting myself. I obviously wasn't trying to contradict myself, if I did, and I don't see how this is ban-worthy under any circumstance.

On Saturday 20 April 2019 00:32:43 Pete Biggs wrote: > What ban action do you use? If it's something like iptables-multiport, > then I wonder if the fact that it's detecting the failures as > '[dovecot]' means that it's using the dovecot ports, not the exim > ports, when applying the iptable rule. > > When a host has been b...

> I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested on > another page: The standard exim.conf already has a 535 filter. Was that not working for you? > > \[<HOST>\]: 535 Incorrect authentication data > > which appears to be successfully matchnig lines in /var/log/exim/mail.log such &...

I find csf/lfd much easier to configure and can be used in combination with fail2ban. Gary Stainburn <gary.stainburn at ringways.co.uk> wrote: >I've followed one of the pages on line specifically for installing fail2ban on >Centos 7 and all looks fine. > >I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested on >another page: >...

Hello, I'm Ziyu Yu, a gsoc applier. I'm banned from the irc: * alapagos.oftc.net NOTICE AUTH :*** Looking up your hostname... * *** Checking Ident * *** Your forward and reverse DNS do not match, ignoring hostname. * *** No Ident response * *** Banned autokilled: We suspect this host of participating in a botnet. Mail support at oftc.net if...

I have fail2ban on my mail server monitoring Dovecot and Exim. I have noticed that it has stopped banning IP's. I have seen in /var/log/fail2ban.log: 2020-04-07 09:42:05,875 fail2ban.filter [16138]: INFO [dovecot] Found 77.40.61.224 - 2020-04-07 09:42:05 2020-04-07 09:42:06,408 fail2ban.actions...

Is anyone using asterisk with fail2ban? I have it working except it takes way more break-in attempts than what is set in "maxretry" in jail.conf For example, I get an email saying: "The IP 199.204.45.19 has just been banned by Fail2Ban after 181 attempts against ASTERISK." when "maxretry = 5" in jail.conf...

Is there a functiaon to take the IP address of person who submits to a form example: <input id="user_ip" name="user[ip]" type="hidden" value="<%= some_ip_call %>" /> -- Posted via http://www.ruby-forum.com/.

I'm looking for some beta testers to provide feedback on an Asterisk intrusion detection & prevention program we're releasing soon. As a quick overview, the program provides: - banning based on geographic location of source IP (Continent, country, region, city, etc) - detection and banning based on channels in use by a user - detection and banning based on rate of dialing - detection and banning based on common intrusion patterns - exclusion of banning based on ip masks (so y...

...uggest or believe iptables is the proper solution, please feel free to post that. Here are some of the things I would like to do 1) I have switched my SSH to a different port. I would like to still check for anyone trying to hit the old port 22 and log them. At the same time add them to a reject/ban for a certain period of time, lets say 1 day. 2) there are certain apache hacks (like things that include ../) that I would prefer to stop at the firewall. I would also like to log these attempts and begin a reject/ban for a certain period of time. Or just log until I figure out the best way to sa...

> > The event that triggers the ban does complete as normal, which is what I would > expect as the ban is triggered by the log entry which is *after* the failed > attempt. > > However, after the /var/log/fail2ban.log showed the IP as banned, I continue > to see entries in /var/log/exim/main.log What ban action do...

...d then add that ip to the deny hosts lists..for either a long or short time. Using this would seem like a win as you can easily grab someone before they can get somewhere one hopes. Also, by opening up a few other ports that are unusual like 8561....well, if someone sniffs that it could be a 3 day ban or a month... In other words, anyone hitting those ports that are not being used at all except by our sniff protector, would allow instant banning. So...does something like this exist?

Greetings all, I have been seeing a lot of [Jan 2 16:36:31] NOTICE[7519]: chan_sip.c:23149 handle_request_invite: Sending fake auth rejection for device 100<sip:100 at 108.161.145.18>;tag=2e921697 in my logs lately. Is there a way to automatically ban IP address from attackers within asterisk ? Thank you