Displaying 20 results from an estimated 3000 matches similar to: "fail2ban"
2017 Mar 01
3
fail2ban Asterisk 13.13.1
Hello, fail2ban does not ban offending IP.
NOTICE[29784] chan_sip.c: Registration from
'"user3"<sip:1005 at asterisk-ip:5060>' failed for 'offending-IP:53417' - Wrong
password
NOTICE[29784] chan_sip.c: Registration from
'"user3"<sip:1005 at asterisk-ip:5060>' failed for ?offending-IP:53911' -
Wrong password
systemctl status
2017 Jul 27
1
under another kind of attack
> On 26 Jul 2017, at 7:57 pm, Olaf Hopp <Olaf.Hopp at kit.edu> wrote:
>
> Dear collegues,
>
> many thanks for your valuable input.
>
> Since we are an university GEO-IP blocking is not an option for us.
> Somestimes I think it should ;-)
>
> My "mistake" was that I had just *one* fail2ban filter for both cases:
> "wrong password" and
2017 Jul 29
1
under another kind of attack
Hi to all,
@Olaf Hopp I've this filter enabled for fail2ban, my question is: could
my filters overlap or interfere with those suggested by you?
this is my filter:
Contents of /etc/fail2ban/jail.conf:
[postfix]
# Ban for 10 minutes if it fails 6 times within 10 minutes
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
maxretry = 6
bantime = 600
2017 Mar 02
3
fail2ban Asterisk 13.13.1
If this is a small site, I recommend you download the free version of SecAst
(www.telium.ca <http://www.telium.ca> ) and replace fail2ban. SecAst does
NOT use the log file, or regexes, to match etc.instead it talks to Asterisk
through the AMI to extract security information. Messing with regexes is a
losing battle, and the lag in reading logs can allow an attacker 100+
registration
2018 May 17
2
Decoding SIP register hack
I need some help understanding SIP dialog. Some actor is trying to
access my server, but I can't figure out what he's trying to do ,or how.
I'm getting a lot of these warnings.
[May 17 10:08:08] WARNING[1532]: chan_sip.c:4068 retrans_pkt:
Retransmission timeout reached on transmission
_zIr9tDtBxeTVTY5F7z8kD7R.. for seqno 101
With SIP DEBUG I tracked the Call-ID to this INVITE :
2017 Dec 16
7
ot: fail2ban dovecot setup
I'm trying to setup and test fail2ban with dovecot
I've installed fail2ban, I've copied config from
https://wiki2.dovecot.org/HowTo/Fail2Ban, and, trying to test it,
attempted multiple mail access with wrong password, but, get this:
# fail2ban-client status dovecot-pop3imap
Status for the jail: dovecot-pop3imap
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File
2009 Mar 14
3
Account lockout option?
I'm currently using postfix and dovecot, with dovecot authentication
(with saslauthd) using mysql for accounts
Is there any option available for me to help inhibit/prevent
brute-force login attempts?
Thx.
Rick
Rick Steeves
http://www.sinister.net
"The journey is the destination"
2015 Sep 13
4
Fail2ban
Hello
I'm using the Fail2ban. I configuration below. I want to try to
prevent the continuous password. Fail2ban password that does not
prevent this form. (Asterisk 1.8 / Elastix interface)
What could be the problem ?
Asterisk log;
"Registration from '<sip:3060 at sip.x.eu;transport=UDP>' failed for
'x.x.x.x:32956' - Wrong password"
Fail2ban asterisk
2012 Apr 20
2
fail2ban attempt, anyone want to add anything?
Tonight I added fail2ban to one of my webservers to test it out.
Here is my step by step, as best as I could figure it
out...documentation a bit sketchy.
feel free to add anything to it or suggest changes.
I tried to set it up to deal with ssh, http authentication, dovecot,
ftp, and postfix
I could find no working example for centos 6 and there is no fail2ban
book available to peruse.
So,
2019 Apr 09
1
Editing fail2ban page?
In https://wiki.dovecot.org/HowTo/Fail2Ban, for a current (I know for
a fact in 2.2.36) I believe it should be
filter = dovecot
instead of
filter = dovecot-pop3imap
[root at mail ~]# ls -l /etc/fail2ban/filter.d/doveco*
-rw-r--r-- 1 root root 1875 May 11 2017 /etc/fail2ban/filter.d/dovecot.conf
[root at mail ~]#
2020 May 22
3
fail2ban setup centos 7 not picking auth fail?
On Fri, May 22, 2020 2:05 pm, Adi Pircalabu wrote:
> On 22-05-2020 10:38, Voytek Eymont wrote:
>
> Hardly a Dovecot issue. Can you please post the output of this command?
> /usr/bin/fail2ban-regex /var/log/dovecot.log
> /etc/fail2ban/filter.d/dovecot.conf
Adi,
thanks, what I get is:
# /usr/bin/fail2ban-regex /var/log/dovecot.log
/etc/fail2ban/filter.d/dovecot.conf
Running
2017 Jul 25
10
under another kind of attack
Hi folks,
"somehow" similar to the thread "under some kind oof attack" started by "MJ":
I have dovecot shielded by fail2ban which works fine.
But since a few days I see many many IPs per day knocking on
my doors with wron password and/or users. But the rate at which they are knocking
is very very low. So fail2ban will never catch them.
For example one IP:
Jul 25
2019 Apr 26
5
faI2ban detecting and banning but nothing happens
On Friday 19 April 2019 16:15:32 Kenneth Porter wrote:
> On 4/19/2019 5:30 AM, Gary Stainburn wrote:
> > I've followed one of the pages on line specifically for installing fail2ban on
> > Centos 7 and all looks fine.
>
> Which page? It would help to see what they advised.
> On Friday 19 April 2019 16:15:32 Kenneth Porter wrote:
> On 4/19/2019 5:30 AM, Gary Stainburn
2018 May 17
3
Decoding SIP register hack
On 05/17/2018 11:38 AM, Frank Vanoni wrote:
> On Thu, 2018-05-17 at 11:18 -0400, sean darcy wrote:
>
>> 3. How do I set up the server to block these ?
>>
>> 4. Can I stop the retransmitting of the 401 Unauthorized packets ?
>
> I'm happy with Fail2Ban protecting my Asterisk 13. Here is my
> configuration:
>
> in /etc/asterisk/logger.conf:
>
>
2008 Sep 15
2
fail2ban 0.8
Does anyone have the filter strings for Fail2Ban 0.8 to block Dovecot 1.1 login
failures?
Thanks!
Ciao,
luigi
--
/
+--[Luigi Rosa]--
\
If the odds are a million to one against something occurring,
chances are 50-50 it will.
2015 Sep 14
2
Fail2ban
I solved the problem. "action.d/iptables-custom.conf" include only udp.
service fail2ban restart
Thank you.
On Sun, Sep 13, 2015 at 9:17 PM, Andres <andres at telesip.net> wrote:
> On 9/13/15 11:16 AM, Gokan Atmaca wrote:
>>
>> Hello
>>
>> I'm using the Fail2ban. I configuration below. I want to try to
>> prevent the continuous password.
2017 Sep 11
3
Fail2ban 'Password mismatch' regex
I have turned on 'auth_debug_passwords=yes? in dovecot.conf.
I?m trying to get Fail2ban to detect this log line:
Sep 11 15:52:49 mail dovecot[54239]: auth-worker(10094): sql(user at bordo.com.au <mailto:user at bordo.com.au>,::1,<L2xqieNYeM4AAAAAAAAAAAAAAAAAAAAB>): Password mismatch (given password: 2)
I?ve added it as the last line of my dovecot filter regex:
failregex =
2011 Aug 09
3
fail2ban help
Hello list.
I have a question for fail2ban for bad logins on sasl.
I use sasl, sendmail and cyrus-imapd.
In jail.conf I use the following syntax:
[sasl-iptables]
enabled = true
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
sendmail-whois[name=sasl, dest=my at email]
logpath = /var/log/maillog
maxretry = 6
and the following filter:
2015 Jan 08
4
SEMI OFF-TOPIC - Fail2ban
Hi list , someone on the list has seen this type of connection
attempts in asterisk, fail2ban does not stop
2015-01-08 14:59:47] SECURITY[21515] res_security_log.c:
SecurityEvent="ChallengeSent",EventTV="1420750787-386840",Severity="Informational",Service="SIP",EventVersion="1",AccountID="sip:100 at
2016 Mar 10
0
[ISC Crosspost] Novel method for slowing down Locky on Samba server using fail2ban
From: bounces at isc.sans.edu
To: sbradcpa at pacbell.net <sbradcpa at pacbell.net>
Novel method for slowing down Locky on Samba server using fail2ban
https://isc.sans.edu/diary.html?n&storyid=20805
http://www.heise.de/security/artikel/Erpressungs-Trojaner-wie-Locky-aussperren-3120956.html
Google Translate version of above:
If you teach the Samba server to monitor and write Rename