Differences

howto:fail2ban [2017/09/19 11:49] – WIP (using fail2ban) ragnarok
howto:fail2ban [2018/01/14 13:15] – [See Also] digital man
Line 1: Line 1:
 ====== Use Fail2Ban on GNU/Linux to block botnet's attacks ====== ====== Use Fail2Ban on GNU/Linux to block botnet's attacks ======
  
-Synchronet now have a built-it support to block incomming connections (see [[howto:block-hackers|Blocking "Hackers"]]) but it's feature protect SBBS services only. If you running another services/daemos on same server, you can use Fail2Ban and the to block at firewall level the ip address from the attacker.+Synchronet now have a built-in support to block incomming connections (see [[howto:block-hackers|Blocking "Hackers"]]) but it's feature protect SBBS services only (which in most cases is sufficient)
  
-You must config an setup the sbbs log file that are explained here: [[config:nix|UNIX]]+If you running another services/daemons on same server, you can use [[http://fail2ban.org|Fail2Ban]] and to block at firewall level the ip address from the attacker.
  
-These examples where made on Debian GNU/Linux, but you can adjust and apply for another distribution like Ubuntu, Arch, Fedora, etc.+You must config and setup the sbbs log file that are explained here: [[config:nix|UNIX]] 
 + 
 +//NOTE: These examples where made on Debian GNU/Linux, but you can adjust and apply for another distribution like Ubuntu, Arch, Fedora, etc. 
 +//
  
 First step, install fail2ban package: First step, install fail2ban package:
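Review bot: the rewritten opening paragraph in this hunk keeps the spelling and grammar slips of the old text and should be cleaned up while it is being touched: "incomming" should read "incoming", "it's feature protect SBBS services only" should read "its feature protects SBBS services only", "If you running another services/daemons" should read "If you are running other services/daemons", and "the sbbs log file that are explained here" should read "the sbbs log file as explained here". The added NOTE is also split so that its closing `//` italic marker sits alone on the next line; keeping `//NOTE: ... //` on one line avoids a stray marker in the rendered page.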
Line 12: Line 15:
 apt-get install fail2ban apt-get install fail2ban
 </code> </code>
 +
 +Create the file /etc/fail2ban/jail.d/sbbs.conf
 +<code>
 +[sbbs-main]
 +enabled  = true
 +filter   = sbbs-main
 +action   = iptables-allports[name=SBBS-main, protocol=all]
 +logpath  = /var/log/sbbs.log
 +maxretry = 3
 +findtime = 21600
 +bantime = 21600
 +</code>
 +
 +Create the filter file /etc/fail2ban/filter.d/sbbs-main.conf
 +<code>
 +[INCLUDES]                                                                                                                                                              
 +before = common.conf                                                                                                                                                    
 +
 +[Definition]                                                                                                                                                            
 +failregex = Bad password from: <HOST>                                                                                                                                   
 +            Throttling suspicious connection from: <HOST>                                                                                                               
 +ignoreregex =  
 +</code>
 +
 +Reload or restart the service and verify if you jail is loaded:
 +<code>
 +# fail2ban-client status
 +Status
 +|- Number of jail:      7
 +`- Jail list:           ssh, asterisk-udp, *sbbs-main*, nginx-http-auth, ssh-ddos, asterisk-tcp
 +
 +</code>
 +
 +After some time, you can observe via iptables that severals ip address was blocked
 +
 +<code>
 +# iptables -L -n 
 +
 +Chain fail2ban-SBBS-main (1 references)
 +target     prot opt source               destination         
 +REJECT     all  --  49.64.51.116         0.0.0.0/           reject-with icmp-port-unreachable
 +REJECT     all  --  187.161.208.161      0.0.0.0/           reject-with icmp-port-unreachable
 +REJECT     all  --  190.130.22.81        0.0.0.0/           reject-with icmp-port-unreachable
 +REJECT     all  --  94.123.59.80         0.0.0.0/           reject-with icmp-port-unreachable
 +REJECT     all  --  118.175.228.237      0.0.0.0/           reject-with icmp-port-unreachable
 +REJECT     all  --  220.240.252.176      0.0.0.0/           reject-with icmp-port-unreachable
 +REJECT     all  --  71.248.179.3         0.0.0.0/           reject-with icmp-port-unreachable
 +REJECT     all  --  185.29.71.147        0.0.0.0/           reject-with icmp-port-unreachable
 +REJECT     all  --  201.69.90.121        0.0.0.0/           reject-with icmp-port-unreachable
 +REJECT     all  --  78.186.210.14        0.0.0.0/           reject-with icmp-port-unreachable
 +REJECT     all  --  117.247.90.134       0.0.0.0/           reject-with icmp-port-unreachable
 +REJECT     all  --  37.130.109.12        0.0.0.0/           reject-with icmp-port-unreachable
 +REJECT     all  --  189.110.122.99       0.0.0.0/           reject-with icmp-port-unreachable
 +REJECT     all  --  24.70.18.200         0.0.0.0/           reject-with icmp-port-unreachable
 +REJECT     all  --  112.164.94.30        0.0.0.0/           reject-with icmp-port-unreachable
 +REJECT     all  --  37.109.137.13        0.0.0.0/           reject-with icmp-port-unreachable
 +RETURN     all  --  0.0.0.0/           0.0.0.0/          
 +
 +</code>
 +
 +**ToDo:**
 + 
 +  * Add regexp for spam.log and hack.log 
 + 
 ===== See Also ===== ===== See Also =====
   * [[:howto:|howto index]]   * [[:howto:|howto index]]
  
-{{tag>}}+{{tag>linux}}
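Review bot: in the new `filter.d/sbbs-main.conf` block the two `failregex` patterns are unanchored and the filter pulls in `common.conf` via `before = common.conf` without ever using `%(__prefix_line)s`, so the reader has no evidence that the patterns match a real line from `/var/log/sbbs.log`; add a line showing the check with the shipped tool, `fail2ban-regex /var/log/sbbs.log /etc/fail2ban/filter.d/sbbs-main.conf`, and either use the prefix or drop the unused include. Smaller points in the same hunk: the filter lines carry long runs of trailing whitespace that should be trimmed; the jail block would be easier to tune if it said what `findtime = 21600` and `bantime = 21600` mean (six hours each); the `iptables -L -n` paste shows `0.0.0.0/` where iptables prints `0.0.0.0/0`, so the output looks truncated; and "verify if you jail is loaded" should read "verify that your jail is loaded" and "severals ip address was blocked" should read "several IP addresses were blocked".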