From: r00t-Services.net S. <su...@r0...> - 2012-11-16 10:50:55
|
Hello Johannes, it's a new feature since version 0.8.7 ( http://www.fail2ban.org/wiki/index.php/ChangeLog). If you have a look at the jail.conf which comes with the most recent version, you will find a filter config for "recidive" which includes a description on how it works. Have a look there and scroll down to the end of the file - it's self-explanatory: https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf Best Regards, r00t-Services.net On 16.11.2012 06:49, Johannes Weberhofer wrote: > Hi! > > Is there any documentation available for "recidive"? > > Johannes > > Am 15.11.12 12:42, schrieb r00t-Services.net Support: >> Hello Andreas, >> >> you can use the " recidive" filter to ban repeated offenders for a >> longer period of time. If the attacker is bruteforcing your server very >> slowly, you should set the "findtime" to a higher value. >> >> If it's just one host trying to bruteforce your server, you could also >> just ban it manually using iptables: >> >> iptables -A INPUT -s 1.2.3.4 -j DROP >> >> Where "1.2.3.4" is the offending IP. fail2ban already includes a >> whitelist function and a blacklist wouldn't make sense, as you can >> simply use iptables to maintain permanent IP bans. >> >> Best Regards, >> r00t-Services.net >> >> >> On 15.11.2012 08:16, Andreas Tirok wrote: >>> Hi list, >>> >>> in the ssh logs are tracks of brute force attacks with a delay from up >>> to 6 minutes coming from >>> the same host. >>> >>> Now I have 2 questions: >>> >>> How can I ban this hosts permanently? >>> Are there plans to implement own white/blacklists? >>> >>> Regards >>> >>> Andy >>> >>> ------------------------------------------------------------------------------ >>> Monitor your physical, virtual and cloud infrastructure from a single >>> web console. Get in-depth insight into apps, servers, databases, vmware, >>> SAP, cloud infrastructure, etc. Download 30-day Free Trial. >>> Pricing starts from $795 for 25 servers or applications! >>> http://p.sf.net/sfu/zoho_dev2dev_nov >>> _______________________________________________ >>> Fail2ban-users mailing list >>> Fai...@li... >>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users >> ------------------------------------------------------------------------------ >> Monitor your physical, virtual and cloud infrastructure from a single >> web console. Get in-depth insight into apps, servers, databases, vmware, >> SAP, cloud infrastructure, etc. Download 30-day Free Trial. >> Pricing starts from $795 for 25 servers or applications! >> http://p.sf.net/sfu/zoho_dev2dev_nov >> _______________________________________________ >> Fail2ban-users mailing list >> Fai...@li... >> https://lists.sourceforge.net/lists/listinfo/fail2ban-users >> |