From: Jason L. <hac...@ya...> - 2024-03-05 11:15:01
|
Hello, How can I block someone who has entered the wrong password three times in any given time period? Thanks. |
From: James M. <moe...@sm...> - 2024-03-05 20:03:21
|
On 2024-03-05 04:14, Jason Long via Fail2ban-users wrote: > How can I block someone who has entered the wrong password three times in any given time period? --[ Jail definition ]-- bantime.increment = true bantime.factor = 1 bantime.formula = ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor [jail-name] enabled = true port = smtp,465,submission logpath = /path/to/maillog.txt datepattern = %%Y-%%m-%%d_%%H:%%M:%%S logencoding = utf-8 # # bantime = 26w 15h bantime = 182.62d maxretry = 3 findtime = 2w action = iptables-multiport[name=jname, port="smtp,465,submission", protocol=tcp] --[ end ]-- Then create a filter in filter.d that matches the failed login log entry. -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 Think. |
From: Jason L. <hac...@ya...> - 2024-03-06 12:54:58
|
> On Tuesday, March 5, 2024 at 11:36:49 PM GMT+3:30, James Moe via Fail2ban-users <fai...@li...> wrote: > On 2024-03-05 04:14, Jason Long via Fail2ban-users wrote: > How can I block someone who has entered the wrong password three times in any given time period? --[ Jail definition ]-- bantime.increment = true bantime.factor = 1 bantime.formula = ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor [jail-name] enabled = true port = smtp,465,submission logpath = /path/to/maillog.txt datepattern = %%Y-%%m-%%d_%%H:%%M:%%S logencoding = utf-8 # # bantime = 26w 15h bantime = 182.62d maxretry = 3 findtime = 2w action = iptables-multiport[name=jname, port="smtp,465,submission", protocol=tcp] --[ end ]-- Then create a filter in filter.d that matches the failed login log entry. -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 Think. _______________________________________________ Fail2ban-users mailing list Fai...@li... https://lists.sourceforge.net/lists/listinfo/fail2ban-users Hello, Thanks. I need this strategy for SSH service. |
From: James M. <moe...@sm...> - 2024-03-06 17:37:34
|
On 2024-03-06 05:54, Jason Long wrote: > Thanks. > I need this strategy for SSH service. > Change the port number(s). -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 Think. |