Thanks to everyone that replied to this. I'm still investigating. I'm
running Ubuntu, which is on 0.10.2.
I could not find a deb package for v0.11, so I started making one, using
the debian package files from 0.10.2 as a starting point. I have it
building now, but 4 of the tests fail. Is

> "AC" == Amir Caspi writes:
AC> Escalating bantime is a feature in v0.11. Unfortunately not
AC> available in v0.10 or earlier.
I have some locally updated Fedora packages for Fedora which I use here;
the feature works well. I use the following settings:
bantime = 6m
bantime.increment =

Escalating bantime is a feature in v0.11. Unfortunately not available in v0.10
or earlier.
However, you could use a looped version of the recidive jail -- see the
following for an example (though it will likely need to be modified, perhaps
significantly, for your specific setup):

The "recidive" jail is also useful for this. We use it in a variety of
places; most commonly it's set to ban for 1 week. The really
persistent IPs stay banned almost all the time, and just get a
couple of attempts per week.
An escalating ban time would be more flexible, but recidive is a
useful

I ban /24 subnets in a postfix jail where there is no reverse DNS (PTR)
record. Typically this is for users on dynamic IPs, so if one is
dynamic or has no PTR record I assume the whole /24 subnet is the same.
I also throw into this any /24 subnet from dynamic.163data.com.cn as
they are

The attackers I see are persistent. When the ban expires, they continue
their attack.
I would like to have an escalating ban time for repeat offenders.
Another factor that could play into it is the number of attacking hosts
from the same ISP. Having the ban time be a bit of Python code