noah.odonoghue at gmail.com
Mon Apr 12 20:26:48 EST 2010
Not really knowing the specifics of fail2ban (yet), I'm just wondering if the
brute force attempts are coming from different IPs?
I know some botnets have evolved around fail2ban by doing a distributed
attack that will try only a few passwords from each host.
From: progsoc-bounces at progsoc.org [mailto:progsoc-bounces at progsoc.org] On
Behalf Of Simon Pearce
Sent: Monday, 12 April 2010 2:19 PM
To: progsoc at progsoc.org
Subject: [ProgSoc] Fail2Ban
I am after some help with fail2ban. I have it installed on a hosted VM.
I see progsoc has it installed as well, so I thought I would post here, and
Google isn't turning up any answer.

I am having a problem: fail2ban appears to be banning some IP addresses, but
when I look at my auth.log there are a lot more brute force ssh attacks that
aren't being blocked. I find it odd how intermittent it is, as it appears
to be working to some degree.

I am running Debian lenny 32-bit.

My fail2ban.log and my jail.conf are attached.
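
To check the question raised in the reply (are the unblocked attempts spread across many source IPs?), the following added example, which is not part of either message, groups failed sshd logins in an auth.log by source IP and applies a simplified per-IP threshold. `maxretry` and `findtime` are fail2ban jail options; the values used here and the log lines are assumptions constructed for illustration, since the attached jail.conf and logs are not on the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Debian sshd auth.log format (not the poster's log).
SAMPLE_LOG = """\
Apr 12 14:00:01 vm sshd[2101]: Failed password for root from 198.51.100.7 port 40001 ssh2
Apr 12 14:00:04 vm sshd[2101]: Failed password for root from 198.51.100.7 port 40001 ssh2
Apr 12 14:00:09 vm sshd[2103]: Failed password for root from 198.51.100.7 port 40017 ssh2
Apr 12 14:01:30 vm sshd[2110]: Failed password for invalid user admin from 203.0.113.10 port 51200 ssh2
Apr 12 14:01:33 vm sshd[2110]: Failed password for invalid user admin from 203.0.113.10 port 51200 ssh2
Apr 12 14:02:10 vm sshd[2114]: Failed password for root from 203.0.113.11 port 33811 ssh2
Apr 12 14:02:55 vm sshd[2119]: Failed password for invalid user test from 203.0.113.12 port 60412 ssh2
Apr 12 14:02:58 vm sshd[2119]: Failed password for invalid user test from 203.0.113.12 port 60412 ssh2
Apr 12 14:03:20 vm sshd[2125]: Accepted password for alice from 192.0.2.44 port 50022 ssh2
Apr 12 14:03:40 vm sshd[2131]: Failed password for root from 203.0.113.13 port 45120 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def failures_by_ip(log, year=2010):
    """Map each source IP to the sorted timestamps of its failed sshd logins."""
    seen = defaultdict(list)
    for line in log.splitlines():
        m = FAILED.match(line)
        if m:  # syslog lines carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            seen[m.group(2)].append(ts)
    return {ip: sorted(stamps) for ip, stamps in seen.items()}

def classify(log, maxretry=3, findtime=600):
    """Return (banned, missed): IPs reaching maxretry failures inside findtime
    seconds, and the failure count of every IP that stayed under that threshold."""
    window = timedelta(seconds=findtime)
    banned, missed = set(), {}
    for ip, stamps in failures_by_ip(log).items():
        runs = range(len(stamps) - maxretry + 1)
        if any(stamps[i + maxretry - 1] - stamps[i] <= window for i in runs):
            banned.add(ip)
        else:
            missed[ip] = len(stamps)
    return banned, missed

if __name__ == "__main__":
    banned, missed = classify(SAMPLE_LOG)
    print("banned by per-IP threshold:", sorted(banned))
    print(f"{sum(missed.values())} failures from {len(missed)} IPs never hit it:", missed)
```

A large `missed` set with only one or two failures per address matches the distributed pattern described in the reply; a small set of addresses with high counts points instead at the jail's filter or thresholds.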