Displaying 9 results from an estimated 9 matches similar to: "under some kind of attack"
2017 Jul 18
5
under some kind of attack
Hi,
Thanks for the quick follow-ups! Much appreciated. After posting this, I
immediately started working on fail2ban. And between my initial posting
and now, fail2ban already blocked 114 IPs.
I have fail2ban with maxretry=1 and bantime=1800
However, it seems almost all IPs are different, and I don't think I can
keep the above settings permanently.
Robert, your iptables suggestions are
2017 Jul 18
0
under some kind of attack
On 18.07.2017 at 21:44, mj wrote:
> Hi all,
>
> It seems we are under some kind of password guessing attack:
>
>> Jul 18 21:33:33 auth: Info:
>> ldap(username1,103.6.223.61,<W7wLl5xUfABnBt89>): invalid credentials
>> (given password: 1q2w3e4r5t)
>> Jul 18 21:34:16 auth: Info:
>> ldap(username1,221.4.61.180,<89WnmZxUrADdBD20>): invalid
2017 Jul 18
0
under some kind of attack
On 18.07.2017 at 22:15, mj wrote:
> Hi,
>
> Thanks for the quick follow-ups! Much appreciated. After posting this, I
> immediately started working on fail2ban. And between my initial posting
> and now, fail2ban already blocked 114 IPs.
>
> I have fail2ban with maxretry=1 and bantime=1800
>
> However, it seems almost all IPs are different, and I don't think I can
2017 Jul 20
3
under some kind of attack
Hi all,
If I may, one more question on this subject:
I would like to create a fail2ban filter that scans for these lines:
> Jul 20 11:10:09 auth: Info: ldap(user1,60.166.35.162,<cDFXHbxUQgA8piOi>): invalid credentials (given password: password)
> Jul 20 11:10:19 auth: Info: ldap(user2,61.53.66.4,<V+nyHbxU+wA9NUIE>): invalid credentials (given password: password)
(as you can
2017 Jul 18
0
under some kind of attack
Hi Robert,
On 07/18/2017 10:15 PM, mj wrote:
> Robert, your iptables suggestions are _very_ interesting! However, will
> they also work on imaps/993, because of the ssl?
I have adjusted and put into place your iptables suggestion like this:
> iptables -I INPUT -p tcp --dport 143 -m string --algo bm --string '1q2w3e4r' -j DROP
> iptables -I INPUT -p tcp --dport 993 -m string
2000 Mar 05
1
The passwd sync chat doesn't seem to work OK.
I'm trying samba-2.0.3 and can't make the passwd sync chat work.
Here is the debug
Invoking '/usr/bin/passwd papa' as password change program.
[2000/03/04 21:58:22, 100] smbd/chgpasswd.c:talktochild(263)
talktochild: chatbuf=[*] responsebuf=[Changing password for user papa
New UNIX password: ]
[2000/03/04 21:58:22, 100] smbd/chgpasswd.c:talktochild(276)
talktochild:
2017 Jul 20
0
under some kind of attack
I have concocted something that seems to work. And for the archives, this
is it:
> failregex = auth: Info: ldap\(.+,<HOST>,.+\): invalid credentials \(given password: .+ssword\)
> auth: Info: ldap\(.+,<HOST>,.+\): invalid credentials \(given password: 1qaz2wsx\)
> auth: Info: ldap\(.+,<HOST>,.+\): invalid credentials \(given password: 123321\)
2009 Jul 23
6
SSH attacks from china
Okay, I have a server connected to the net but have not added fail2ban or
anything on top of my firewall yet.
Thought you guys might get a kick out of this one user, ip is from china,
who has got a heck of a knack for making assumptions on possible usernames.
Enjoy this..., 8000+ attempts. Scroll down for funky ones. I have no root
access enabled on this server and it is pretty bare. Just using
2017 Jul 20
3
under some kind of attack
On 20.07.2017 at 12:28, mj wrote:
> I have concocted something that seems to work. And for the archives, this
> is it:
>
>> failregex = auth: Info: ldap\(.+,<HOST>,.+\): invalid credentials
>> \(given password: .+ssword\)
>> auth: Info: ldap\(.+,<HOST>,.+\): invalid credentials
>> \(given password: 1qaz2wsx\)
>> auth: