okay thank you for your explanation
On 08-Mar-11 19:43, Toma Bogdan wrote:
Hello,
If your system have shorewall as firewall solution management
we get 'action' statement from /etc/fail2ban/jail.conf
---
[qmail-pop3]
enable = true
filter = qmail-pop3
action = shorewall
Pak Ogah escribió:
On
07-Mar-11 21:49, Eric Shubert wrote:
Great job, Pak.
Thanks, Toma.
Pak, will you get this incorporated into the wiki?
TIA.
Ok Eric, it's done but since I just copy-paste as is and
re-formatting, I didn't know what that fail2ban meaning (I haven't
tried it also)
but, I saw
On 3/8/2011 11:18 AM, Pak Ogah wrote:
On 07-Mar-11 21:49, Eric Shubert wrote:
Great job, Pak.
Thanks, Toma.
Pak, will you get this incorporated into the wiki?
TIA.
Ok Eric, it's done but since I just copy-paste as is and
re-formatting, I didn't know what that fail2ban meaning (I haven't
tried
On 07-Mar-11 21:49, Eric Shubert wrote:
Great job, Pak.
Thanks, Toma.
Pak, will you get this incorporated into the wiki?
TIA.
Ok Eric, it's done but since I just copy-paste as is and re-formatting,
I didn't know what that fail2ban meaning (I haven't tried it also)
but, I saw something weird. So
Hi.
matches either the Ip address or the hostname
Cheers
Finn
On 08-03-2011 09:04, Digital Instruments wrote:
Nice, that's great! :)
Just a little question: I don't get this (I've also read the
wiki but it's not clear)
can you do an example, please?
Thanks,
Cheers!
Il 05/03/2011 23:26,
is an alias for a regular expression to find the ip address. Which
is defined in the code.
Succes,
Peter.
> Nice, that's great! :)
> Just a little question: I don't get this (I've also read the wiki
> but it's not clear)
>
> can you do an example, please?
>
> Thanks,
> Cheers!
>
> Il 05/03/20
Nice, that's great! :)
Just a little question: I don't get this (I've also read the wiki
but it's not clear)
can you do an example, please?
Thanks,
Cheers!
Il 05/03/2011 23:26, Sergio M ha scritto:
Eric Shubert escribió:
Timing is good on this. :)
http://wiki.qmailtoaster.com/index.php?ti
Used on Centos 5.5
>> /etc/fail2ban/filter.d/qmail-pop3.conf
--- start cut --
[Definition]
# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag
"" can
# be used for standard IP
Oke done, prettified with some minor changes
http://wiki.qmailtoaster.com/index.php/Fail2Ban
On 06-Mar-11 5:26, Sergio M wrote:
Eric Shubert escribió:
Timing is good on this. :)
http://wiki.qmailtoaster.com/index.php?title=Fail2Ban&action=edit
Have at it. I've added a link to this page under
I'll try to prettified for you :D
On 06-Mar-11 5:26, Sergio M wrote:
Eric Shubert escribió:
Timing is good on this. :)
http://wiki.qmailtoaster.com/index.php?title=Fail2Ban&action=edit
Have at it. I've added a link to this page under the Configuration->
Security section. It's a start (albei
Eric Shubert escribió:
Timing
is good on this. :)
http://wiki.qmailtoaster.com/index.php?title=Fail2Ban&action="">
Have at it. I've added a link to this page under the Configuration->
Security section. It's a start (albeit not much of one).
Hey guys, I created a basic article,
Eric Shubert escribió:
Timing is good on this. :)
http://wiki.qmailtoaster.com/index.php?title=Fail2Ban&action=edit
Have at it. I've added a link to this page under the Configuration->
Security section. It's a start (albeit not much of one).
I wrote some basic stuff, but it needs proper wiki
Eric,
Ill see what I can do. Ill review my old notes on adding it to my
system and what kind of config I used to have success.
I will also list the script that has the trigger for a honeypot
server.
Yes, Hackers are stupid because they are not using their talent fo
When I said "get a wiki started" I meant "create an article with some
substance"
that I can add to ;) You really don't want to let me loose on a brand new one.
- Original Message
From: Eric Shubert
To: qmailtoaster-list@qmailtoaster.com
Sent: Thu, March 3, 2011 10:25:20 AM
Subject:
It's funny that I should check back in. I just installed fail2ban to deal with
another issue, however realized it could stop a lot of RBL traffic if I just
banned IP addresses so also added it for qmail. If someone gets a wiki started,
I'd certainly look at contributing. (hence my previous post
On 03/02/2011 09:08 PM, David Milholen wrote:
+1000 on this solution.
It works for me. I also have a honeypot that these ips get thrown into
and trapped after so many attempts.
Stupid Hackers LOL:)
--Dave
rofl, I doubt you will ever call an hacker "stupid". Prolly they are
just kids having fun.
+1000 on this solution.
It works for me. I also have a honeypot that these ips get thrown
into and trapped after so many attempts.
Stupid Hackers LOL:)
--Dave
On 3/1/2011 7:24 PM, Eric Shubert wrote:
Yes,
but the attacks appear to be coming from a va
DENYHOST works only for SSHD .
2011/3/2 Eric Shubert
> Hey Gustavo.
>
> I don't know about it, so I have no opinion. Please post a link to more
> info. Thanks.
>
> If someone else has some thoughts on this, please chime in.
>
> --
> -Eric 'shubes'
>
>
> On 03/02/2011 10:49 AM, Gustavo De Po
Eric: hi, sorry im a new here (principiant), wath do you think about
DENYHOST, insted of fail2ban
i use DENYHOST as a service and work good.
Gustavo
2011/3/1 Eric Shubert
> Yes, but the attacks appear to be coming from a variety of addresses.
> fail2ban will do essentially this automaticall
a page on the wiki sounds like a hero of a thing .
I know that i would like some wisdom on how to implement fail2ban with
my qmailtoaster
On 3/1/2011 9:40 PM, Eric Shubert wrote:
If CJ got it working, then I expect that just about anyone can do it. ;)
JK CJ. Would you care to create a page on
Hi all.
I installed and is using fail2ban after Eric wrote about it long time ago.
It works perfectly and is doing a nice job blocking different attemps on
my server. (Iptables drop )
I am using dovecot and is having fail2ban checking the dovecot log for
bad password attempts (amongst other
Trouble is Fail2Ban requires the shorewall firewall!
At least if you use the rpm's.
On 02/03/2011 3:58 PM, Maxwell Smart wrote:
I actually use OSSECHIDS for this type of attack. I use fail2ban for
ftp and ssh.
Ole is the chap that knows fail2ban for Qmail. You can install it now
using yum in
I actually use OSSECHIDS for this type of attack. I use fail2ban for
ftp and ssh.
Ole is the chap that knows fail2ban for Qmail. You can install it now
using yum install fail2ban instead of compiling.
On 03/01/2011 06:40 PM, Eric Shubert wrote:
> If CJ got it working, then I expect that just ab
I think he said he is not an user yet, but i am looking at:
http://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg23951.html
Tony White escribió:
Eric,
Do you have Fail2Ban working with the
qmail logs?
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but the attacks appear to be
Eric,
Do you have Fail2Ban working with the
qmail logs?
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but the attacks appear to be coming from a variety of addresses. fail2ban will do essentially this automatically and
for whatever addresses attacks may come from. fail2ban is much better s
Eric Shubert escribió:
Sergio,
.) Be sure you're running the latest spamdyke (4.2.0). 4.1.x versions
had a bug where rejected sessions would not terminate immediately,
causing excessive idle smtp sessions (and ultimately TIMEOUTs). That
may no be affecting you, but you should check to be sure
Agreed Eric, but this is a VERY quick simple fix when the thing starts!
On 02/03/2011 12:24 PM, Eric Shubert wrote:
Yes, but the attacks appear to be coming from a variety of addresses. fail2ban will do essentially this automatically and
for whatever addresses attacks may come from. fail2ban is
27 matches
Mail list logo