From: Fabian W. <fa...@we...> - 2013-03-10 21:25:50
Hello Alex

I just want to clarify some points, but I will not continue this discussion any more. The questions below are only rhetorical and do not need to be answered.

On 10.03.2013 20:14, al...@ma... wrote:
>> Why does this come up again?
>
> It comes up again because nothing was done by fail2ban to stop it - we

How does the manufacturer of your car stop you from driving too fast and then getting a speeding ticket? He does nothing, he sells you a car which is clearly capable of driving a lot faster than the maximum 120 km/h which is allowed (e.g. here in Switzerland). It is the driver's responsibility to drive below or at the allowed speed for the road he is driving on.

>> You can not blame the software developers for mistakes clearly done by the
>> end user
>
> I don't think you are acting responsibly here because you just shift the
> blame to end users and basically wash your hands, even though it's your
> (assuming you are the person who maintains it) software that is being
> misused.

I am just a happy and responsible user of fail2ban, I am not a developer.

> Compare your attitude to ours - we have written a crawler that is run by
> volunteers BUT we deal with all queries that come up, including abuse
> complaints when our project members get them. We don't wash our hands saying
> - it's the end user's problem who is running OUR software. Now THAT's a
> responsible behaviour of a software writer, yours in my view isn't.

Even though I am not a developer, it is always the user's (SysAdmin's) responsibility to use a software. The developer does not force the user to use his software. The same as your car manufacturer does not force you to drive the car at full speed, even if it can be done.

> Have you made any effort at all to stop misuse of fail2ban software?

How should the developer do this? Everybody can install and use the software, without the knowledge of the developer.

And as already stated many times, the default install does not do anything on error 404 and it also does not send out abuse notices.

> For example a big red font warning on how NOT to use it on the downloads
> page could have helped. It would certainly be a good start.

I guess it is asking too much, as there are too many possibilities to configure fail2ban (or any other software) in a way that it will hurt a third party. This clearly belongs to the responsibility of the user (SysAdmin) configuring the software. He knows his system best, and he has to decide how the software can fit his needs. If he is sending out abuse notices, it is his own responsibility.

So next time with such a complaint, write an answer to the ISP and ask him to forward this to the original sender. You have, even if it is through a third party (the complaining ISP), the much better possibility to contact (or inform) this user of fail2ban.

> Jokes aside, I think you are not treating this problem as seriously as we
> do.

I am, as I do not use the abuse notifications and I also do not block access based on random error 404 in the Apache logs.

bye
Fabian