Synchronet v3.21e-Win32 (install) has been released (Mar-2026).

You can donate to the Synchronet project using PayPal.

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
howto:fail2ban [2020/07/02 22:59] – add rules for hack / spam logs ragnarokhowto:fail2ban [2025/08/18 14:15] (current) – Updated filter for hack.log, now matching all hack attempts, not just FTP Karloch
Line 25: Line 25:
 maxretry = 3 maxretry = 3
 findtime = 21600 findtime = 21600
 +bantime = 21600
 +
 +[sbbs-ddos]
 +enabled  = true
 +filter   = sbbs-ddos
 +action   = iptables-allports[name=SBBS-ddos, protocol=all]
 +logpath  = /var/log/sbbs.log
 +maxretry = 8
 +findtime = 600
 bantime = 21600 bantime = 21600
  
Line 65: Line 74:
 failregex = Bad password from: <HOST> failregex = Bad password from: <HOST>
             Throttling suspicious connection from: <HOST>             Throttling suspicious connection from: <HOST>
 +ignoreregex =
 +</code>
 +
 +Filter for ddos (/etc/fail2ban/filter.d/sbbs-ddos.conf)
 +<code>
 +[INCLUDES]
 +before = common.conf
 +
 +[Definition]
 +failregex = !Maximum concurrent connections without login (.*) reached from host: <HOST>
 ignoreregex = ignoreregex =
 </code> </code>
Line 73: Line 92:
 before = common.conf before = common.conf
 [Init] [Init]
-maxlines=6+maxlines = 3
 [Definition] [Definition]
-failregex = ^SUSPECTED FTP HACK ATTEMPT from .* on .* \nUsing port .* at .* \[<HOST>\]\nDetails: .\n+failregex = ^SUSPECTED .* LOGIN HACK ATTEMPT .*$(?:\r?\n)+Using port \S+ at .* \[(?:::ffff:)?<HOST>\]\s*
 +datepattern = {}(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) %%b %%d %%Y %%H:%%M:%%S
 ignoreregex = ignoreregex =
 </code> </code>
Line 86: Line 106:
 failregex = .* !TEMPORARY BAN of .* <HOST> .* failregex = .* !TEMPORARY BAN of .* <HOST> .*
             SMTP BLACKLISTED SERVER on .* \(.*\)\: .* \[<HOST>\]             SMTP BLACKLISTED SERVER on .* \(.*\)\: .* \[<HOST>\]
 +            ^.*\[<HOST>\].*\!TEMPORARY BAN.*$
 ignoreregex = ignoreregex =
 </code> </code>
Line 105: Line 126:
 Status Status
 |- Number of jail: 7 |- Number of jail: 7
-`- Jail list: asterisk, nginx-botsearch, *sbbs-hack, *sbbs-main, *sbbs-smtp, *sbbs-spam, sshd+`- Jail list: asterisk, nginx-botsearch, *sbbs-hack, *sbbs-main, *sbbs-smtp, *sbbs-spam, *sbbs-ddos, sshd
  
 </code> </code>
Line 135: Line 156:
 RETURN     all  --  0.0.0.0/           0.0.0.0/           RETURN     all  --  0.0.0.0/           0.0.0.0/          
  
 +Chain fail2ban-SBBS-ddos (1 references)
 +target     prot opt source               destination
 +REJECT     all  --  110.53.221.190       0.0.0.0/           reject-with icmp-port-unreachable
 +RETURN     all  --  0.0.0.0/           0.0.0.0/0
 </code> </code>
-  
 ===== See Also ===== ===== See Also =====
   * [[:howto:|howto index]]   * [[:howto:|howto index]]

Trace: Command Lines