[ProgSoc] Fail2Ban

Simon Pearce simon275 at progsoc.org
Mon Apr 12 22:41:20 EST 2010


Hi

I can dump out my auth.log file if you want but the IP's are the same for a
large number of tries and are not being banned.

I will watch the logs further to see if this keeps occuring

Cheers

On Mon, Apr 12, 2010 at 8:26 PM, Noah O'Donoghue
<noah.odonoghue at gmail.com>wrote:

> Not really knowing the specifics of fail2ban (yet) I’m just wondering if
> the brute force attempts are coming from different ips?
>
>
>
> I know some botnets have evolved around fail2ban by doing a distributed
> attack that will try only a few passwords from each host.
>
>
>
> *From:* progsoc-bounces at progsoc.org [mailto:progsoc-bounces at progsoc.org] *On
> Behalf Of *Simon Pearce
> *Sent:* Monday, 12 April 2010 2:19 PM
> *To:* progsoc at progsoc.org
> *Subject:* [ProgSoc] Fail2Ban
>
>
>
> Hi Progsoc
>
> I am after some help with fail2ban. I have it installed on a hosted VM.
>
> I see progsoc has it installed as well so I thought I would post here and
> google isn't turning up any answer.
>
> I am having a problem fail2ban appears to be banning some ip addresses but
> when I look at my auth.log there are a lot more brute force ssh attacks that
> aren't being blocked. I find this odd how it is intermitent. As it appears
> to be working to some degree.
>
> I am running debain lenny 32bit.
>
> My fail2ban.log and my jail.conf are attached
>
> Thanks
>
> -Simon
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://progsoc.org/pipermail/progsoc/attachments/20100412/f3f3c760/attachment.htm 


More information about the Progsoc mailing list