[juneau-lug] fail2ban

  • From: Jamie <jamie@xxxxxxxxxxxxxxxxx>
  • To: juneau-lug@xxxxxxxxxxxxx
  • Date: Wed, 16 Dec 2009 11:41:20 -0900

I'm happy to report success using fail2ban: 
http://www.fail2ban.org/wiki/index.php/Main_Page.  This is a series of 
Python scripts that monitor your log files and can update your firewall 
on the fly.  Now the script kiddies get one chance to rattle my Apache 
doors.  Maybe others get log files like mine also?
> rps7436.ovh.net - - [16/Jun/2009:14:40:33 -0800] "GET HTTP/1.1 
> HTTP/1.1" 400 303 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:33 -0800] "GET 
> /roundcube//bin/msgimport HTTP/1.1" 404 299 "-" "Toata dragostea mea 
> pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:34 -0800] "GET 
> /rc//bin/msgimport HTTP/1.1" 404 292 "-" "Toata dragostea mea pentru 
> diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:34 -0800] "GET 
> /mss2//bin/msgimport HTTP/1.1" 404 294 "-" "Toata dragostea mea pentru 
> diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:35 -0800] "GET 
> /mail//bin/msgimport HTTP/1.1" 404 294 "-" "Toata dragostea mea pentru 
> diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:35 -0800] "GET 
> /mail2//bin/msgimport HTTP/1.1" 404 295 "-" "Toata dragostea mea 
> pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:35 -0800] "GET 
> /roundcubemail//bin/msgimport HTTP/1.1" 404 303 "-" "Toata dragostea 
> mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:36 -0800] "GET 
> /rms//bin/msgimport HTTP/1.1" 404 293 "-" "Toata dragostea mea pentru 
> diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:36 -0800] "GET 
> /webmail2//bin/msgimport HTTP/1.1" 404 298 "-" "Toata dragostea mea 
> pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:37 -0800] "GET 
> /webmail//bin/msgimport HTTP/1.1" 404 297 "-" "Toata dragostea mea 
> pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:37 -0800] "GET 
> /wm//bin/msgimport HTTP/1.1" 404 292 "-" "Toata dragostea mea pentru 
> diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:37 -0800] "GET /bin/msgimport 
> HTTP/1.1" 404 288 "-" "Toata dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:38 -0800] "GET 
> /roundcubemail-0.1//bin/msgimport HTTP/1.1" 404 307 "-" "Toata 
> dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:38 -0800] "GET 
> /roundcubemail-0.2//bin/msgimport HTTP/1.1" 404 307 "-" "Toata 
> dragostea mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:39 -0800] "GET 
> /roundcube-0.1//bin/msgimport HTTP/1.1" 404 303 "-" "Toata dragostea 
> mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:39 -0800] "GET 
> /roundcube-0.2//bin/msgimport HTTP/1.1" 404 303 "-" "Toata dragostea 
> mea pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:39 -0800] "GET 
> /round//bin/msgimport HTTP/1.1" 404 295 "-" "Toata dragostea mea 
> pentru diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:40 -0800] "GET 
> /cube//bin/msgimport HTTP/1.1" 404 294 "-" "Toata dragostea mea pentru 
> diavola"
> rps7436.ovh.net - - [16/Jun/2009:14:40:40 -0800] "GET  HTTP/1.1" 400 
> 309 "-" "-"
Why should they get a second chance when they are up to no good?  
Fail2ban is highly customizable and can be used for website, email, 
signon, or other logs.  Likewise the actions can be customized also: ban 
IP temporarily or permanently by changing iptables or shorewall, update 
hosts.deny, send an email or alert, etc. 

This has also helped to cut down on spam by setting up some rules for my 
maillog. 


-- 
Browns Homepage - newest pics: 17 Oct 2009 - http://jdb.homelinux.net 
--
Registered Linux User No: 187845  http://counter.li.org/ 

------------------------------------
The Juneau Linux Users Group -- http://www.juneau-lug.org
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the 
word unsubscribe in the subject header.
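
The ban-on-first-probe policy described in the post, as an added example that is not part of the original message and is not fail2ban's own code: it matches Apache access-log lines against a failure rule and bans a host once it reaches maxretry failures inside findtime. The failure rule, the function names and the 192.0.2.10 log line are assumptions made for illustration; the other sample lines are taken from the post, unwrapped.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: three requests from the post (unwrapped) plus one
# benign request from a made-up host (192.0.2.10).
SAMPLE_LOG = '''\
rps7436.ovh.net - - [16/Jun/2009:14:40:33 -0800] "GET HTTP/1.1 HTTP/1.1" 400 303 "-" "Toata dragostea mea pentru diavola"
rps7436.ovh.net - - [16/Jun/2009:14:40:33 -0800] "GET /roundcube//bin/msgimport HTTP/1.1" 404 299 "-" "Toata dragostea mea pentru diavola"
192.0.2.10 - - [16/Jun/2009:14:40:34 -0800] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
rps7436.ovh.net - - [16/Jun/2009:14:40:34 -0800] "GET /rc//bin/msgimport HTTP/1.1" 404 292 "-" "Toata dragostea mea pentru diavola"
'''

# Apache combined log format: host, timestamp, request line, status code.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')
# Assumed failure rule: a request for the probed msgimport script, or a 400.
PROBE_RE = re.compile(r'/bin/msgimport\b')

def is_failure(req, status):
    return status == 400 or bool(PROBE_RE.search(req))

def find_bans(log_text, maxretry=1, findtime=timedelta(minutes=10)):
    """Return {host: time of ban} for hosts with >= maxretry failures
    inside a sliding window of length findtime."""
    recent = defaultdict(deque)   # host -> timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m['host'] in bans:
            continue              # unparsable line, or host already banned
        if not is_failure(m['req'], int(m['status'])):
            continue
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        window = recent[m['host']]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # drop failures older than findtime
        if len(window) >= maxretry:
            bans[m['host']] = ts
    return bans

if __name__ == '__main__':
    for host, when in find_bans(SAMPLE_LOG).items():
        print(f'ban {host} at {when.isoformat()}')
```

With maxretry=1 the first matching request is enough to ban the host; raising it tolerates occasional 404s from legitimate visitors.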
