fail2ban by default only bans an IP for 10 minutes, and that's configurable. It can also email you anytime it imposes a ban, so one can keep an eye on things at least in the beginning to see if it's causing a problem for legitimate users.
On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten <ggat...@waddell.com> wrote: > Be careful of automated responses. What if someone spoofs IP's of legit > users / customers / whatever and your automated response blocks them? Not > good. > > I thought about blocking....well, never mind - might pi$$ someone off and > attract unwanted attention... > > -----Original Message----- > From: owner-freebsd-questi...@freebsd.org > [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Patrick Gibson > Sent: Thursday, March 03, 2011 5:58 PM > To: Jorge Biquez > Cc: freebsd-questions@freebsd.org > Subject: Re: Simplest way to deny access to a class C > > You might consider mod_security (/usr/ports/www/mod_security) which > can be set up to ban hosts based on behaviour or characteristics. > > Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in > that it scans whatever logs you want, and can trigger a block in your > firewall if enough violating log entries are found within a particular > period of time. Everything is totally configurable, and there are > plenty of examples that come with it. > > Patrick > > > On Thu, Mar 3, 2011 at 8:59 AM, Jorge Biquez <jbiq...@intranet.com.mx> wrote: >> Hello all. >> >> I am sorry in advance if this question sounds too stupid. >> >> I have a small server for personal use of webpages running: >> >> 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0 >> >> it is working fine , no problem very stable. >> >> I just need to block some IP class C address that are always trying to >> "discover" directories or applications under the web server. They do not do >> and can not do anything since this server has nothing installed but i am >> tired of seeing in the logs all the intents they do every 2-3 seconds. >> >> I have not installed any kind of firewall yet. >> What do you think is the best way to accomplish this task? If possible the >> easiest one. I do not want to do anything else but just bloc IP's, at this >> moment at least. >> >> Thanks in advance. >> >> Jorge Biquez >> >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" >> > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" > > > > > > <font size="1"> > <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in > 0in 1.0pt 0in'> > </div> > "This email is intended to be reviewed by only the intended recipient > and may contain information that is privileged and/or confidential. > If you are not the intended recipient, you are hereby notified that > any review, use, dissemination, disclosure or copying of this email > and its attachments, if any, is strictly prohibited. If you have > received this email in error, please immediately notify the sender by > return email and delete this email from your system." > </font> > > _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"