Re: [Fail2ban-users] fail2ban-client output?

2024-08-13 Thread Tim Boneko via Fail2ban-users
Hello! On Monday, 12.08.2024 at 15:54 -0700, Harold Hallikainen via Fail2ban-users wrote: > When I use fail2ban-client to ban a specific IP, I usually see a 0 > or 1 response. I see those when unbanning a specific address. The answer of "1" means that the address was found in my ruleset and

Re: [Fail2ban-users] Adding pattern to postfix filter

2024-05-31 Thread Tim Boneko via Fail2ban-users
On Thursday, 30.05.2024 at 20:37 -0400, Alex wrote: > > Ideally, I'd like to not have to modify that regexp and be able to > add my own, much like what appears to be happening with mdre-errors. You don't have to. Append your own rules in a new line and test your changed rule file with

Re: [Fail2ban-users] fail2ban, debian 12 & journalctl

2023-11-14 Thread Tim Boneko via Fail2ban-users
Hello! On Monday, 13.11.2023 at 18:48 +0100, sebast...@debianfan.de wrote: > > With debian 12, these log files are no longer available in the > standard > customizing - everything runs via journalctl. Logging output can usually be customized in the configuration files of the daemon. Which

Re: [Fail2ban-users] no active ban yet nftable holds entries

2023-09-08 Thread Tim Boneko via Fail2ban-users
On Friday, 08.09.2023 at 15:42 +0200, lejeczek via wrote: > how can that be? Hello L.! Welcome to the list! We can help you more specifically with more specific information. That IP address is from the 10.x.x.x range which is not resolved by public DNS. What does grep "Ban" /var/log/f

Re: [Fail2ban-users] Postfix: running a script on authentication failure

2023-06-26 Thread Tim Boneko via Fail2ban-users
[higher-level config not quoted] Hello Nick! Thanks a lot! I'll have a look at the link you sent. I'll try the config the way you suggested. We rather have too many than too few mails. Bye, tim -- Hear about... the insurance salesman who says his greatest successes are

Re: [Fail2ban-users] Postfix: running a script on authentication failure

2023-06-25 Thread Tim Boneko via Fail2ban-users
On Thursday, 22.06.2023 at 16:27 +0100, Nick Howitt via Fail2ban-users wrote: > Don't allow authentication on 25! I second that. Port 25 is without encryption, so I don't offer auth there - only on 587. Apart from that, stolen passwords were tried for login via port 587. This is reduced qu

Re: [Fail2ban-users] fail2ban-client Hangs on Exit

2023-06-16 Thread Tim Boneko via Fail2ban-users
Hello! Is anything interesting being logged when you restart or stop the service? Sounds like unbanning fails which should be logged (here it would be /var/log/fail2ban.log). Cheers, tim -- Kids, don't gross me off ... "Adventures with MENTAL HYGIENE" can be carried too FAR! __

Re: [Fail2ban-users] fail2ban-regex maches, but fail2ban does not

2023-04-21 Thread Tim Boneko via Fail2ban-users
On Friday, 21.04.2023 at 15:32 -0400, Wayne Sallee via Fail2ban-users wrote: > > Looking at my test, you can see that I copied logs into the testing > log file, so that fail2ban would see the new entries. You can do so with fail2ban-regex, but (as far as I know/experience) not with fail2ban

Re: [Fail2ban-users] Hi can you please remove me from this list?

2023-04-10 Thread Tim Boneko via Fail2ban-users
Furthermore, the "Unsubscribe" link is further down the website. A little scrolling would have made it visible... I already hinted at that address. On Sunday, 09.04.2023 at 19:33 +0200, Aaron Schaal wrote: > To unsubscribe, just click on > https://sourceforge.net/projects/fail2ban/lists/fa

Re: [Fail2ban-users] fail2ban [17456]: ERROR NOK: ('Invalid command', )

2023-02-14 Thread Tim Boneko via Fail2ban-users
On Tuesday, 14.02.2023 at 08:31 +0100, Wolfgang Paul Rauchholz wrote: > I thought because I am using firewalld that would be the right thing > to do. Obviously not. > Anyway, I changed the config file, but still the same error message. Some lines of /var/log/fail2ban.log containing error mes

Re: [Fail2ban-users] fail2ban [17456]: ERROR NOK: ('Invalid command', )

2023-02-13 Thread Tim Boneko via Fail2ban-users
Hello Wolfgang! Your fail2ban fails to ban ;-) because the execution of your banaction failed. According to your config, the command is firewallcmd-rich-rules[actiontype=] At least I never heard of such a command. Did you copy the config from some web site? You might try replacing this by

Re: [Fail2ban-users] Skip banning if user has good requests

2022-08-23 Thread Tim Boneko via Fail2ban-users
In other words: Which failregex cause the block of valid users? Cheers, tim On Sunday, 21.08.2022 at 16:25 +0100, Philip Clarke via Fail2ban-users wrote: > Surely the fundamental problem would be to work out why valid users > are being blocked? > > > On 20 Aug 2022, at 19:12, Grah

Re: [Fail2ban-users] An explanation of the "status" report?

2022-02-23 Thread Tim Boneko via Fail2ban-users
On Tuesday, 22.02.2022 at 10:38 -0700, James Moe via Fail2ban-users wrote: > Status for the jail: assp-4 > - Filter >   |- Currently failed:  0 >   |- Total failed:  5 >   `- File list: /usr/local/bin/assp2/logs/maillog.txt > `- Actions >    |- Currently banned: 17 >    |- Total banned:  

Re: [Fail2ban-users] Cyrus IMAP

2021-10-29 Thread Tim Boneko via Fail2ban-users
Hello, I'm running Debian Linux and have only edited the filters for the services I use. The cyrus filter was used the first time yesterday since I don't run cyrus. Greetings, tim

Re: [Fail2ban-users] Cyrus IMAP

2021-10-28 Thread Tim Boneko via Fail2ban-users
Hello Andrea! I don't use Cyrus, so my filter.d/cyrus-imap.conf was the default one. The failregex is failregex = ^%(__prefix_line)sbadlogin: [^\[]*\[<HOST>\] \S+ .*?\[?SASL\(-13\): (authentication failure|user not found): .*\]?$ (line break added by mail client) and it matches a file I created with y

Re: [Fail2ban-users] Cyrus IMAP

2021-10-28 Thread Tim Boneko via Fail2ban-users
On Thursday, 28.10.2021 at 18:25 +0200, Andrea Venturoli wrote: > > > # fail2ban-regex "Oct 28 17:42:02 imaps[93940]: badlogin: > > [1.2.3.4] plaintext yyy SASL(-13): authentication failure: > > checkpass failed" 'badlogin: [^\[]*\[\] \S+ .*?\[?SASL\(- > > 13\): (authentication fai

Re: [Fail2ban-users] Multiple attempts on a single connection

2021-10-17 Thread Tim Boneko via Fail2ban-users
On Sunday, 17.10.2021 at 13:33 -0400, Krzysztof Adamski wrote: > > ... dovecot: imap-login: Disconnected (auth failed, 4 attempts in 53 > secs): user= > What I was thinking is that "4 attempts" should be counted as 4 > instead of as 1. Hello Krzysztof! I suggest a different solution: Confi

Re: [Fail2ban-users] Dovecot filter for "unknown user"

2021-10-13 Thread Tim Boneko via Fail2ban-users
Hello Yassine, On Wednesday, 13.10.2021 at 15:30 +0100, Yassine Chaouche wrote: > > Oct 13 13:17:53 auth-worker(48469): Info: sql(rai,20.89.58.29): > unknown user have you tried this rule? Info: sql(.*,<HOST>): unknown user It matches fine in fail2ban-regex. Cheers, tim

[Fail2ban-users] Numerous lines without access, "ban" without offense

2021-09-01 Thread Tim Boneko via Fail2ban-users
Hello! A few days ago my home router got banned by my web server for repeated offenses that are not to be found in the (server) logs. A few examples: 2021-08-30 14:21:02,441 fail2ban.filter [27785]: INFO [apache-badbots] Found 2a00:6020:1000:3:b089:2d06:a379:432f - 2021-08-30 08:54:08 fa

Re: [Fail2ban-users] I'm stuck on how to create a particular SoftEther event

2021-08-27 Thread Tim Boneko via Fail2ban-users
On Friday, 27.08.2021 at 09:20 +0100, Myron wrote: > > I have, so far, tested the failregex on a regexp expression > evaluator and the match is successful. I don't know how to debug > this using fail2ban tools. Hi! Take the appropriate tool called fail2ban-regex. Situation:

Re: [Fail2ban-users] I'm stuck on how to create a particular SoftEther event

2021-08-26 Thread Tim Boneko via Fail2ban-users
Hello Myron, hello list! On Thursday, 26.08.2021 at 19:24 +0100, Myron wrote: > > 2021-08-26 01:28:41.847 Connection "CID-584" terminated by the cause > "A client which is non-SoftEther VPN software has connected to the > port." (code 5). > 2021-08-26 01:28:41.857 Connection "CID-584" has