From: <is...@ad...> - 2008-01-30 06:55:05
|
Hi, There is almost 3 weeks since I'm struggling to ban failed logins on my vsftpd with fail2ban. The scenario looks like this: With vsftpd-2.0.1-5.EL4.5 and fail2ban-0.6.1-2jik it worked and it works like a charm, it banes all the "530 Permission denied" IP-s. With vsftpd-2.0.5-10.el5 and fail2ban-0.8.1-10.el5 or any other version of fail2ban I was unable to block the brute force for vsftpd. The thing is that I never seen any setup for fail2ban for "530 Permission denied" IP-s, meaning, failed authentications with non existing vsftpd usernames for any version of fail2ban. Do you have an official solution for it? The frustration: Where can be the difference between vsftpd-2.0.1-5.EL4.5 and vsftpd-2.0.5-10.el5, if the /var/log/vsftpd.log file for both versions has the same format and fail2ban work for the first and is doesn't work for the last? Thank you! Istvan |
From: Cyril J. <cyr...@fa...> - 2008-01-31 22:37:02
|
Hi Istvan, > There is almost 3 weeks since I'm struggling to ban failed logins on my > vsftpd with fail2ban. The scenario looks like this: > With vsftpd-2.0.1-5.EL4.5 and fail2ban-0.6.1-2jik it worked and it works > like a charm, it banes all the "530 Permission denied" IP-s. > With vsftpd-2.0.5-10.el5 and fail2ban-0.8.1-10.el5 or any other version > of fail2ban I was unable to block the brute force for vsftpd. > The thing is that I never seen any setup for fail2ban for "530 > Permission denied" IP-s, meaning, failed authentications with non > existing vsftpd usernames for any version of fail2ban. Do you have an > official solution for it? Could you provide a complete log line? > The frustration: Where can be the difference between > vsftpd-2.0.1-5.EL4.5 and vsftpd-2.0.5-10.el5, if the /var/log/vsftpd.log > file for both versions has the same format and fail2ban work for the > first and is doesn't work for the last? > Could you show your old /etc/fail2ban.conf and your current /etc/fail2ban/filter.d/vsftpd.conf? You could give "fail2ban-regex" a try too. Regards, Cyril Jaquier |