Am 26.07.2016 um 19:55 schrieb Lefteris Tsintjelis:
> On 26 Jul 2016, at 20:36, Benny Pedersen <m...@junc.eu> wrote:
>>
>> fail2ban based on pbl, but in fail2ban whitelist isp you have users in
> 
> Is log parsing the only way?
> 

fail2ban is a good choice

iptables with string and recent is another
way

like

https://sys4.de/de/blog/2015/11/07/abwehr-des-botnets-pushdo-cutwail-ehlo-ylmf-pc-mit-iptables-string-recent-smtp/

or

https://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/

but it may overkill your server and examples may not fit your problem
exactly


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Reply via email to