Using fail2ban to automagically ban IPs

Discussion in 'Security' started by Da Nag, Oct 12, 2007.

  1. #1
    Didn't see any hits here on fail2ban - anyone else using it to dynamically block nefarious IPs?

    So far, it seems pretty slick. I recently installed it on a new dedicated Debian box, and it's nailing 10-15 bad guys a day. It scans system logs looking for failed logins, and dynamically adds an IPTABLES rule to drop connections from the offending IP once a configured threshold is met.

    Configuration is pretty easy - I took most of the defaults, but did add two static IPs to the exclusion list for hosts sites I connect from. Wouldn't want to get locked out of my own server...

    SSH log scans are the only service enabled by default, but it's pretty easy to activate it for ftp, apache and postfix as well.
     
    Da Nag, Oct 12, 2007
  2. Ladadadada

    #2
    I've never used it but it sounds like a good tool.

    Are you able to configure the rules it adds to IPTables? I was wondering if you could block just port 22 and leave port 80 available to them, just in case it's one of your regular users with some malware on his system that's attempting the logins.

    Also, is it capable of adding rules to another firewall, such as ipfw or ipf?
     
    Ladadadada, Oct 14, 2007
  3. Da Nag

    #3
    You can block whatever you wish, by tweaking the config file - it's pretty flexible. At least on Debian, the config file is pretty well documented, showing your options.

    I've no experience with it, but the docs indicate ipfw is supported.
     
    Da Nag, Oct 14, 2007
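
As an added example (not from any post in this thread), a `jail.local` along the lines discussed above: an exclusion list for the admin's own addresses and an SSH jail whose ban covers only the SSH port. The addresses are documentation-range placeholders, the numeric values are illustrative, and the jail is named `[sshd]` as in current fail2ban releases; older packages may use a different jail name such as `[ssh]`.

```ini
# /etc/fail2ban/jail.local  (constructed example, values are illustrative)

[DEFAULT]
# Sources that are never banned: loopback plus two static admin addresses.
# 203.0.113.10 and 198.51.100.25 are placeholders, not real hosts.
ignoreip = 127.0.0.1/8 203.0.113.10 198.51.100.25

# Ban an address for 10 minutes once it produces 5 failed logins
# within a 10 minute window.
bantime  = 600
findtime = 600
maxretry = 5

[sshd]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log

# iptables-multiport drops traffic only to the ports listed in "port",
# so a banned address can still reach port 80.
# iptables-allports would drop every port for that address instead.
banaction = iptables-multiport
```

After a reload, `fail2ban-client status sshd` lists the addresses currently banned by this jail.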
  4. craigedmonds

    #4
    Looks like a nice simple programme.

    I wonder if it will work on CentOS.
     
    craigedmonds, Oct 15, 2007