Differences

This shows you the differences between two versions of the page.

howto:fail2ban [2018/01/14 13:15] – [See Also] digital man
howto:fail2ban [2020/07/02 22:59] – add rules for hack / spam logs ragnarok
Line 26: Line 26:
 findtime = 21600 findtime = 21600
 bantime = 21600 bantime = 21600
 +
 +[sbbs-hack]
 +enabled  = true
 +filter   = sbbs-hack
 +action   = iptables-allports[name=SBBS-hack, protocol=all]
 +logpath  = /sbbs/data/hack.log
 +maxretry = 3
 +findtime = 21600
 +bantime = 21600
 +
 +[sbbs-smtp]
 +enabled  = true
 +filter   = sbbs-smtp
 +action   = iptables-allports[name=SBBS-smtp, protocol=all]
 +logpath  = /var/log/sbbs.log
 +maxretry = 3
 +findtime = 21600
 +bantime = 21600
 +
 +[sbbs-spam]
 +enabled  = true
 +filter   = sbbs-spam
 +action   = iptables-allports[name=SBBS-spam, protocol=all]
 +logpath  = /sbbs/data/spam.log
 +maxretry = 3
 +findtime = 21600
 +bantime = 21600
 +
 +
 </code> </code>
  
 Create the filter file /etc/fail2ban/filter.d/sbbs-main.conf Create the filter file /etc/fail2ban/filter.d/sbbs-main.conf
 <code> <code>
-[INCLUDES]                                                                                                                                                               +[INCLUDES] 
-before = common.conf                                                                                                                                                    +before = common.conf
  
-[Definition]                                                                                                                                                             +[Definition] 
-failregex = Bad password from: <HOST>                                                                                                                                    +failregex = Bad password from: <HOST> 
-            Throttling suspicious connection from: <HOST>                                                                                                                +            Throttling suspicious connection from: <HOST> 
-ignoreregex =  +ignoreregex = 
 +</code> 
 + 
 +Filter for hack.log (/etc/fail2ban/filter.d/sbbs-hack.conf) 
 +<code> 
 +[INCLUDES] 
 +before = common.conf 
 +[Init] 
 +maxlines=6 
 +[Definition] 
 +failregex = ^SUSPECTED FTP HACK ATTEMPT from .* on .* \nUsing port .* at .* \[<HOST>\]\nDetails: .* \n 
 +ignoreregex = 
 +</code> 
 + 
 +Filter for smtp (/etc/fail2ban/filter.d/sbbs-smtp.conf) 
 +<code> 
 +[INCLUDES] 
 +before = common.conf 
 +[Definition] 
 +failregex = .* !TEMPORARY BAN of .* <HOST> .* 
 +            SMTP BLACKLISTED SERVER on .* \(.*\)\: .* \[<HOST>\] 
 +ignoreregex = 
 +</code> 
 + 
 +Filter for spam (/etc/fail2ban/filter.d/sbbs-spam.conf) 
 +<code> 
 +[INCLUDES] 
 +before = common.conf 
 +[Definition] 
 +failregex = SMTP BLACKLISTED SERVER on .* \(.*\)\: .* \[<HOST>\] 
 +            Host\: .* \[<HOST>\] 
 +ignoreregex =
 </code> </code>
  
 Reload or restart the service and verify if you jail is loaded: Reload or restart the service and verify if you jail is loaded:
 <code> <code>
 +
 # fail2ban-client status # fail2ban-client status
 Status Status
-|- Number of jail:      +|- Number of jail: 7 
-`- Jail list:           ssh, asterisk-udp, *sbbs-main*nginx-http-authssh-ddosasterisk-tcp+`- Jail list: asterisk, nginx-botsearch, *sbbs-hack*sbbs-main*sbbs-smtp*sbbs-spam, sshd
  
 </code> </code>
 +(*) your sbbs active jail's
  
 After some time, you can observe via iptables that severals ip address was blocked After some time, you can observe via iptables that severals ip address was blocked
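Review bot: In the new sbbs-smtp and sbbs-spam filters every failregex is unanchored and puts a greedy `.*` ahead of `<HOST>` (`.* !TEMPORARY BAN of .* <HOST> .*`, `Host\: .* \[<HOST>\]`), so if any field logged before the address carries text chosen by the remote side, a crafted value can make fail2ban extract an address other than the connecting one, and the `iptables-allports` action then bans it on every port. Anchor each pattern at the start of the line and replace the wildcards with narrower classes such as `\S+` or `[^\[]*`, then check the result against real log samples with `fail2ban-regex` before enabling the jails. The `SMTP BLACKLISTED SERVER` pattern also appears in both filters; the two jails read different logpaths, so that may be intended, but a short comment saying so would help the next editor.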
Line 74: Line 136:
  
 </code> </code>
- 
-**ToDo:** 
-  
-  * Add regexp for spam.log and hack.log  
    
 ===== See Also ===== ===== See Also =====