User talk:Lostcontrol

From Fail2ban
Jump to: navigation, search

LostControl,

First let me thank you for fail2ban. It seems great!

I have two suggestions:

  • Make a "contrib" place for uses to publish their own filters/actions. I've started writing one and would be happy to put it someplace for others to use, but where should I put it? I'd like to see some "contrib" place for unsupported user contributed add-ons.
  • Some way to tell the program to start banning from the top of the log files. Every time log rotate comes in, all bans are dropped. I'm going to give it a try on this...

John Harris / Dir of IT for ECE @ Virginia Tech / 8 Dec 2008


Thanks for fail2ban which I just installed from Mandriva. I made some changes on your Wiki site.

  • Your Wiki has been recently open but already (mildly) spammed because of anonymous access. Could fail2ban been used in order to temporarily ban the IP adress of the spammers? It would be great?
  • Your MediaWiki software version is 1.6.7 (http://fail2ban.sourceforge.net/wiki/index.php?title=Special:Version), it doesn't enable alerts from the Watchlist by email. Shouldn't you upgrade to 1.8.2 or higher. Recent versions have new tables to prevent more from spammers.

--NBrouard 02:13, 9 January 2007 (PST)


Thank you for your contribution.

  • Mmmhh... Great idea :) The problem is how to detect a spammer? Reading access_log? This website is hosted by Sourceforge. I'm not sure if I can access Apache logs.
  • I really would like to upgrade to 1.8. However, the PHP version on the Sourceforge servers are still 4.x. So I have to stick to 1.6, the latest version that is working with PHP 4 :(

--Lostcontrol 14:42, 9 January 2007 (PST)

Ban time

Is there is something planned about enforcing ban time ? I will take my own server for example, I've got of ssh bruteforce on it, actually from the same IP, it get banned each time, but each time for the same amout of time. It will be great to have a way to enforce ban time, ie, the first time, only 10min, the second time, 30min, the third, 1hour, and for example, the 6th time the IP get a definitive ban.

I think it should be a great thing - Godzil --86.202.142.176 13:51, 9 March 2008 (CET)

ok

καλα θα ''''δουμε'''' τι γινεται.


Change default email address

The default domain used in jail.conf is "dest=you@mail.com". Unfortunately, mail.com is a vaild domain, owned by AOL, and sending too much invalid email to that domain may get the server's IP address blacklisted.

The IANA has reserved "example.com" and a few others for testing purposes. These are guaranteed to not be valid. The default in jail.conf should probably be changed.

Not a big deal, but it's much easier to not annoy AOL than it is to "un-annoy" them.

Terry

Support other date/time format

Please contact the author in order to get support for this format:

2011.07.11 21:09:40 host(daemon.debug) fail2ban.filter : DEBUG Found a match for '2011.07.11 21:09:39 host(auth.info) sshd[19750]: Invalid user serial from 202.102.52.202 2011.07.11 21:09:40 host(user.notice) ' but no valid date/time found for '2011.07.11 21:09:39 host(auth.info) sshd[19750]: Invalid user serial from 202.102.52.202 2011.07.11 21:09:40 host(user.notice) '. Please contact the author in order to get support for this format

I use syslog-ng destination d_messages { file("/var/log/messages" template("$R_YEAR.$R_MONTH.$R_DAY $R_HOUR:$R_MIN:$R_SEC $HOST($FACILITY.$PRIORITY) $MSGHDR$MSG\n") ); };