similar to: Asterisk intrusion detection/prevention, georgaphic IP banning, etc. (new software)

<div dir='auto'>Iptables or ipfw you always can create tables / chains and feed those with desirable IP's to ban.<div dir="auto"><br></div><div dir="auto">Something like fail2ban does. Make a big list, remove one or other IP.</div><div dir="auto"><br></div><div dir="auto">On my setup, I

Dear all, what are the key strategies for intrusion prevention and detection with dovecot, apart from installing fail2ban? It is a pity that the IMAP protocol does not support 2 factor authentication, which seems to stop 90% of intrusion attempts in their tracks. Without it, if someone has obtained your password and reads your mail without modifying it, you will hardly ever notice. Is there a

<div dir='auto'>Usually I use pfsense as main firewall with snort blocking all kind of scans and others.<div dir="auto"><br></div><div dir="auto">Fail2ban triggering after 3 unsuccessful tries and for last iptables if Linux or ipfw If Freebsd</div><div dir="auto"><br></div><div

Hi, We are using CTDB version 1.0.77 and yesterday we saw an instance of node running into issues and banning itself to recover (as listed below): node1: 2009/07/29 23:23:37.748251 [22371]: Banning node 0 for 300 seconds 2009/07/29 23:23:37.748263 [22371]: self ban - lowering our election priority 2009/07/29 23:23:37.748503 [22275]: This node has been banned - forcing freeze and recovery Now

> > > > /var/log/fail2ban.log is showing that it's working: > > I have seem similar odd behaviour with f2b with other filters. > Try to uninstall the package > fail2ban-systemd > and stop and start fail2ban again. > This might change its behavior to the better. > The fail2ban-systemd package configures fail2ban to use systemd journal for log input. The OP

On 2020-04-22 5:29 a.m., Johannes Rohr wrote: > Dear all, > > what are the key strategies for intrusion prevention and detection with > dovecot, apart from installing fail2ban? > It is a pity that the IMAP protocol does not support 2 factor > authentication, which seems to stop 90% of intrusion attempts in their > tracks. Without it, if someone has obtained your password and

Hello, We are using CTDB / Samba to serve a number of windows users, at this point around 1200. We have a 4 node CTDB setup. CTDB version - ctdb-1.0.114.7-1 Samba Version - sernet-samba-4.1.16-10 In recent months we've seen a big problem when 1 of the CTDB nodes is stopped or disconnected either manually or resulting from a problem. On some occasions, all other nodes get banned if a node

On 2020-04-22 18:45, Sami Ketola wrote: > Actually by far the biggest source of stolen credentials is > viruses/trojans harvesting them. i tryed blacklist all ips that got passwords errors, but that ends in big shorewall blrules so i turn it over to just add whitelist into blrules where ips is known custommers that dont abuse server, that way my shorewall got alot smaller config files

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 22/04/2020 19:56 Benny Pedersen < <a href="mailto:me@junc.eu">me@junc.eu</a>> wrote: </div> <div> <br>

*Hello, * *I am writing you in regards to the current version of **Icecast 2.4.2* *I am wondering if there is a security descriptor in place for banning IPs within the script for Icecast, and if there is how it would be done?******Thank You for your insight into this, as it has been a bit of an issue with some of our clients having issues with bots ****lately and having this available with

Can't replace xml, because iam using third server, not my server Pada tanggal Sab, 9 Mar 2019 17.17 Thomas B. Rücker <thomas at ruecker.fi menulis: > Hi, > > On 3/9/19 10:03 AM, Christopher Moore wrote: > > *Hello, * > > *I am writing you in regards to the current version of **Icecast 2.4.2* > > > Please note that 2.4.4 is the current (security) release of

> On 22. Apr 2020, at 19.14, Michael Peddemors <michael at linuxmagic.com> wrote: > The three most common attack vectors, (and attack volumes have never been higher) are: > > * Sniffed unencrypted credentials > (Assume every home wifi router and CPE equipment are compromised ;) > * Re-used passwords where data is exposed from another site's breach > (Users WANT to

I find csf/lfd much easier to configure and can be used in combination with fail2ban. Gary Stainburn <gary.stainburn at ringways.co.uk> wrote: >I've followed one of the pages on line specifically for installing fail2ban on >Centos 7 and all looks fine. > >I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested on >another page: > >

> > The event that triggers the ban does complete as normal, which is what I would > expect as the ban is triggered by the log entry which is *after* the failed > attempt. > > However, after the /var/log/fail2ban.log showed the IP as banned, I continue > to see entries in /var/log/exim/main.log What ban action do you use? If it's something like iptables-multiport,

> I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested on > another page: The standard exim.conf already has a 535 filter. Was that not working for you? > > \[<HOST>\]: 535 Incorrect authentication data > > which appears to be successfully matchnig lines in /var/log/exim/mail.log such > as > > 2019-04-19 13:06:10 dovecot_plain

On Friday 19 April 2019 15:19:26 Pete Biggs wrote: > > I've added a fail regex to /etc/fail2ban/filter.d/exim.conf as suggested > > on another page: > > The standard exim.conf already has a 535 filter. Was that not working > for you? I was following the instructions as shown on the page. I did find after sending my post that there was already a regex in the standard

On Saturday 20 April 2019 00:32:43 Pete Biggs wrote: > What ban action do you use? If it's something like iptables-multiport, > then I wonder if the fact that it's detecting the failures as > '[dovecot]' means that it's using the dovecot ports, not the exim > ports, when applying the iptable rule. > > When a host has been banned, can you look at the

> > I did wonder that myself. I have now amended to Dovecot definition in jail.conf to: > > [dovecot] > > port = pop3,pop3s,imap,imaps,submission,sieve,25,1025,465,587 > logpath = %(dovecot_log)s > backend = %(dovecot_backend)s > > I then unbanned and banned each IP address manually with Did you reload the configuration? ("fail2ban-client reload")

On Monday 29 April 2019 02:21:05 Gordon Messmer wrote: > That's one approach.? I believe that you could modify fewer files by > setting "port = 0:65535" in your definition in "jail.local" and not > install firewallcmd-ipset.local. I have just tried this, and re-started fail2ban. It does not seem to have worked. I have looked at /var/log/exim/main.log and found

On Friday 19 April 2019 16:15:32 Kenneth Porter wrote: > On 4/19/2019 5:30 AM, Gary Stainburn wrote: > > I've followed one of the pages on line specifically for installing fail2ban on > > Centos 7 and all looks fine. > > Which page? It would help to see what they advised. > On Friday 19 April 2019 16:15:32 Kenneth Porter wrote: > On 4/19/2019 5:30 AM, Gary Stainburn