[BlueOnyx:22929] Re: APF mystery - blocking BlueOnyx

2019-05-27 Thread Colin Jack
Hi Michael,

> Turn off Dfix2 for a while and the problem will go away.
>
> The ruleset it has is pretty complex and I've had my fair share of run-ins
> with it as well.
>
> Give Fail2ban a try. It works much better.

Will do. It just seems odd that I don't see this on any of my other VPSs.

All the best

Colin 


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


[BlueOnyx:22928] Re: APF mystery - blocking BlueOnyx

2019-05-27 Thread Michael Stauber
Hi Colin,

> I will have a read and see if I can get to the bottom of this.
> 
> Strange it should block BX though.

Turn off Dfix2 for a while and the problem will go away.

The ruleset it has is pretty complex and I've had my fair share of run-ins
with it as well.

Give Fail2ban a try. It works much better.

-- 
With best regards

Michael Stauber


[BlueOnyx:22927] Re: Defective CLAM-AV definitions

2019-05-27 Thread Michael Stauber
Hi Gerrit,

> Short info: it seems there is a defective definition for CLAMAV.
> 
> You will see that there is an error in the maillog relating to
> Win.Exploit.CVE_2019_0903-6966169-0 
> 
> Email will get rejected with 5.7.1
> 
> Solution for now seems to be to run freshclam and restart the services.

Many thanks for reporting this.

By the time I noticed the issue freshclam had already run again and had
purged the defective definitions.

-- 
With best regards

Michael Stauber


[BlueOnyx:22926] Defective CLAM-AV definitions

2019-05-27 Thread Gerrit Haas
Hi all,

Short info: it seems there is a defective definition for CLAMAV.

You will see that there is an error in the maillog relating to
Win.Exploit.CVE_2019_0903-6966169-0 

Email will get rejected with 5.7.1

Solution for now seems to be to run freshclam and restart the services.

Cheers Gerrit






[BlueOnyx:22925] Re: APF mystery - blocking BlueOnyx

2019-05-27 Thread Colin Jack
Thanks Meaulnes.

I will have a read and see if I can get to the bottom of this.
Strange it should block BX though.

Regards

Colin



[BlueOnyx:22924] Re: APF mystery - blocking BlueOnyx

2019-05-27 Thread Meaulnes Legler @ MailList

Hello Colin

There were some posts about DFix2/APF around May 5-6 on this list; read what
happened there...

I was running APF, Dfix2 and Fail2ban on my servers, but I turned Dfix2 off
because it is too fussy with users who entered a false password (e.g.
connecting an old device or setting up a new one, at the Internet Café etc.):
one's connection is banned by Dfix2 already after two attempts.

less /etc/apf/deny_hosts.rules
# added 83.76.86.xxx on 12/04/18 12:09:33 with comment: dFixblock2
83.76.86.xxx

Dfix2 is very compelling, but just too strict. And since I couldn't find out
how to edit the rules in /etc/sec, I turned it off, keeping APF and Fail2ban
only.

No problems anymore. Until the next hack?:-(

Best regards

Meaulnes Legler
Zurich, Switzerland


On 26.05.19 09:16, Colin Jack wrote:

> Hi Greg,
>
> > Hi Colin.
> >
> > Look at /var/log/sec for anything that might indicate if it was dFix that
> > blocked. If you see something there, we can tune to prevent that happening
> > again.
> >
> > GK
>
> I did grep the log for the BX IPs but no result.
>
> It is very weird – but I do like to run DFix2/APF on all my VPS and this is
> the only one doing strange stuff.
>
> I will have another look and see if I can locate anything.
>
> Thanks
>
> Colin
>
> > On 23 May 2019, at 3:27 am, Colin Jack <co...@mainline.co.uk> wrote:
> >
> > > I have a problem with one 5209R VPS that I cannot fathom.
> > >
> > > I would be interested in some feedback.
> > >
> > > I am running DFix2 / APF and APF appears to be blocking access to
> > > Blueonyx.it and also the Letsencrypt servers.
> > >
> > > The GUI cannot get BX News or the shop.
> > >
> > > LE renewals fail.
> > >
> > > I haven’t touched any of the rules.
> > >
> > > If I flush iptables it all starts working for a few hours.
> > >
> > > If I disable APF it all works.
> > >
> > > I have looked in iptables for the BX IP but nothing.
> > >
> > > Same with APF blacklist. Not listed.
> > >
> > > I run DFix2 / APF on all my servers and don’t have a problem - except on
> > > this one.
> > >
> > > Any thoughts (Michael/Greg)?
> > >
> > > I have tried removing APF and re-installing without any luck.
> > >
> > > Regards
> > >
> > > Colin

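Added example, not part of the original thread and not code from APF or Dfix2: a search for an exact address in a deny list finds nothing when the address is covered by a range entry, so this parses text in the /etc/apf/deny_hosts.rules layout quoted above and reports every entry that covers a given IP, together with its "added ... with comment" note. It assumes the file can hold CIDR ranges as well as single addresses; the function names and all sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout quoted in the thread: a "# added ..." line
# followed by the entry it describes. Addresses are documentation ranges.
SAMPLE_RULES = """\
# added 192.0.2.15 on 12/04/18 12:09:33 with comment: dFixblock2
192.0.2.15
# added 198.51.100.0/24 on 05/20/19 03:14:07 with comment: dFixblock2
198.51.100.0/24
# added 203.0.113.7 on 05/21/19 10:00:00 with comment: manual
203.0.113.7
"""


def parse_deny_rules(text):
    """Return (network, comment) pairs from deny_hosts.rules-style text."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            pending = line.lstrip("# ")  # remember the "added ..." note
            continue
        try:
            # strict=False accepts both a single address and a CIDR range
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            net = None  # hostname or other syntax: skipped here
        if net is not None:
            entries.append((net, pending))
        pending = None
    return entries


def find_blocks(ip, entries):
    """List every entry (as CIDR text) that covers ip, with its comment."""
    addr = ipaddress.ip_address(ip)
    return [(str(net), note) for net, note in entries if addr in net]


if __name__ == "__main__":
    rules = parse_deny_rules(SAMPLE_RULES)
    for ip in ("198.51.100.23", "192.0.2.16"):
        # A plain substring search finds neither address in the file text,
        # but the first one is still covered by the /24 entry.
        print(ip, ip in SAMPLE_RULES, find_blocks(ip, rules))
```

To check a live system, pass the contents of /etc/apf/deny_hosts.rules to parse_deny_rules in place of SAMPLE_RULES.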