WARNING:
You receive this message on the old GnuGk mailinglist that will go away soon.
Please re-subscribe for the new mailinglist at
https://lists.gnugk.org/cgi-bin/mailman/listinfo/gnugk-users
Hi,
when you run the GNU Gatekeeper, you can block spam calls from the well
known bots ("MERA RU", "SimpleOPAL" etc.) eg. using a small LUA script
in your config.
But that alone doesn't stop the load on the server, because often these
bots keep on making calls.
Fail2ban to the rescue!
With this filter definition in /etc/fail2ban/filter.d/gnugk.conf you can
check fro rejected calls:
[Definition]
failregex = Dropping call CRV=[0-9]+ from <HOST>:[0-9]+ due to Setup
authentication failure ignoreregex =
And then you can add this jail definition to /etc/fail2ban/jail.local
to block the IP:
[gnugk]
enabled = true
logpath = /var/log/gnugk.log
filter = gnugk
bantime = 6000
maxretry = 2
action = iptables[name=GnuGk, port=1720, protocol=tcp]
Voila!
--
Jan Willamowius, Founder of the GNU Gatekeeper Project
EMail : [email protected]
Website: https://www.gnugk.org
Support: https://www.willamowius.com/gnugk-support.html
Relaxed Communications GmbH
Frahmredder 91, 22393 Hamburg, Germany
Geschäftsführer: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
USt-IdNr: DE286003584
_______________________________________________________
Posting: mailto:[email protected]
Archive:
https://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: https://www.gnugk.org/
