Debian :: Fail2ban Not Banning Pop3d
Dec 2, 2015
I'm getting loads of hacking attempts on my pop3 daemon. Looks like fail2ban is not stopping it. How to ban these type of attacks?
Dec 2 12:14:49 sosaria pop3d: Disconnected, ip=[::ffff:109.81.181.238]
Dec 2 12:14:49 sosaria pop3d: Connection, ip=[::ffff:109.81.181.238]
Dec 2 12:14:49 sosaria pop3d: LOGIN FAILED, user=duky, ip=[::ffff:109.81.181.238]
Dec 2 12:14:54 sosaria pop3d: Disconnected, ip=[::ffff:109.81.181.238]
Dec 2 12:14:54 sosaria pop3d: Connection, ip=[::ffff:109.81.181.238]
[Code] ....
I've got in my /etc/fail2ban/jail.local:
[dovecot]
enabled = true
port = pop3,pop3s,imap,imaps
filter = dovecot
logpath = /var/log/mail.log
maxretry = 3
[Code] .....
View 10 Replies
ADVERTISEMENT
Aug 26, 2010
I've had fail2ban setup for awhile for my SSH server, and that works beautifully (I had someone I knew attempt to access it and get banned) however I then tried to set it up to ban people scanning my webserver for lots of other pages which dont exist (and have never been linked to) such as phpMyAdmin.
In my jail.conf I have:
Code:
However Looking at this I realise I need to edit the filter.d/apache-error.conf
I'm not sure exactly how to setup the regex to ban the correct hosts
The errors from the scanners are like this:
Code:
View 1 Replies
View Related
May 17, 2011
I have some problems to start my dovecot server on Debian 6.0.1 I tried to install it from webmin using "un-used modules" but it was allways the same error: "E: Unable to locate package dovecot-pop3d".
When I tried to install it from console using the commands: apt-get install dovecot-imapd dovecot-pop3d dovecot-common - and there are no problems with dovecot-imapd and dovecot-common, but still the same error with dovecot-pop3d: "E: Unable to locate package dovecot-pop3d".
I did apt-get update ant apt-get upgrade but I'm receiving still the same error when I want to install pop3d.
It's interesting because there were no problems to install and run dovecot server on earlier versions of debian.
View 2 Replies
View Related
Jun 13, 2010
Every time I sign into my Empathy accounts, I get buddy requests from the same four people. I have to click "No" on four windows, every time I log in. Is there a way to block users on Empathy so I no longer receive these requests?
View 5 Replies
View Related
Jan 31, 2010
The user "abimail" has a mailbox specified in /home/abimail/.spop3d which is /var/mail/abimail. The permissions of /var/mail/abimail are:
Code:
rwxrwx--- 1 abimail mailgroup 192113 2010-01-28 20:24 /var/mail/abimail. When logging in to solid-pop3d as user abimail and attempting to fetch mails, the login works but it will pop up the error "can't open mailbox file"; syslog entries:
Code:
Jan 31 17:38:10 h1347290 solid-pop3d[23857]: user abimail authenticated - 87.176.220.50
Jan 31 17:38:10 h1347290 solid-pop3d[23857]: mailbox: can't open mailbox file: /var/mail/abimail
Jan 31 17:38:10 h1347290 solid-pop3d[23857]: mailbox: open: Permission denied
[Code]...
View 2 Replies
View Related
Dec 9, 2010
I might as well start off by saying that I have the Linux-based Linksys WRT54GL router running the Tomato firmware. I've come up with an idea that I'm not sure is possible. Specifically, setting a router up to ban not by the MAC address of the network card, but by the operating system the machine itself is running.
This way someone could have, say, a laptop dual-booting Windows and Linux and would be unable to access the internal network if they are in Windows. However, if they reboot into Linux (or practically any other OS) they would be able to access the local network safely without the chance of spreading worms and whatever else garbage across the internal network. Similarly, other devices like Xbox 360s, Wiis, etc. would be unaffected since they don't run Windows. [Yes, 360 probably runs some highly modified NT kernel, but almost nothing else is similar to a Windows PC and the whole system is highly locked down by Microsoft, so I'd say it could be an exception.]
I was thinking of specifically banning Windows XP and lower (honestly as f***ed up as I've seen Vista and 7 get, I would consider banning those too...). The idea is to allow, well... everything that isn't Windows (except possibly Win7) to connect wirelessly to the local network.
Unfortunately, I cannot do anything like this just yet, and I'm in the planning stages, trying to figure out if it is even possible. There are unfortunately two computers in the house that aren't mine (one running Windows XP and another Windows 7... go figure, they came with it and either my sister refuses to use anything else or my mom's computer's wireless is a massive PITA to get to work in anything *besides* Windows). My guess is that this is either not possible or would be extremely hard to pull off. What do you guys think?
On the other hand, it would probably be possible to connect two routers to the incoming cable connection, giving them both different settings (SSIDs, WPA passwords, etc.) and only giving Windows users access to the outer router, but it'd be cool to be able to accomplish something like this with one router through its settings.
View 5 Replies
View Related
May 10, 2010
Currently suffering from this bug:If you don't want to read the whole thing, it appears fail2ban overloads IPTables when you have too many jails, and sends a wholeload of commands at once.I attempted to use the workaround making it sleep for a random period of time, but this does not help at all, it still fails like it used to.Any ideas? Fail2ban is a pretty popular app...Ubuntu 9.10.
Code:
$ aptitude show fail2ban
Package: fail2ban
[code]...
View 1 Replies
View Related
Sep 28, 2010
My fail2ban won't block relay attempts (it does block ssh)
mail.log contains lots of
Code:
NOQUEUE: reject: RCPT from 118-167-6-196.dynamic.hinet.net[118.167.6.196]: 554 5.7.1 <333@fgytry.myip.org>: Relay access denied
jail.conf
[Code]....
View 4 Replies
View Related
Feb 5, 2011
I installed fail2ban from the Ubuntu Software Center (Ubuntu 10.10) and everything seemed to go fine. But when I try to access the client I get this output:
Code:
wolfgang@Culture:/var/log$ fail2ban-client status
ERROR Unable to contact server. Is it running?
[code]....
View 2 Replies
View Related
Feb 11, 2011
I yesterday installed fail2ban on my server and I see I am not getting logs for the genuine people also who log in to my machine.In
Quote:
/var/log/auth.log
It is a Ubuntu server and I had installed fail2ban via
Quote:
apt-get install
I thought some thing might be in
Quote:
/var/log/fail2ban.log
but there I do not see any thing
Quote:
2011-02-10 20:26:35,002 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2011-02-10 20:26:35,003 fail2ban.jail : INFO Creating new jail 'ssh'
2011-02-10 20:26:35,003 fail2ban.jail : INFO Jail 'ssh' uses poller
2011-02-10 20:26:35,031 fail2ban.filter : INFO Added logfile = /var/log/auth.log
[Code].....
View 1 Replies
View Related
Sep 9, 2010
I am having issues getting yum to work with the repos for fail2ban and denyhosts. I followed the centos link on installing/cfg repos. However every time i run yum install fail2ban or denyhosts it does not find the software. I read in several google searches that I should be able to install it using yum. Is that info wrong? These are the link I was s reading too from centos. [URL]. I know I can download the rpm or a tar file but I would like to keep it in sync with yum if possible. May be I have the wrong repo? CentOSPlus is enabled also.
View 3 Replies
View Related
Apr 12, 2010
I'm trying to implement this method to block php injection attack using fail2ban: here it is, however I'm not sure it applies to Ubuntu. You see, there's this filter that must be added to the fail2ban jail file:
HTML Code:
[php-url-fopen]
enabled = true
port = http,https
filter = php-url-fopen
[Code]....
View 7 Replies
View Related
May 10, 2010
Currently suffering from this bug:If you don't want to read the whole thing, it appears fail2ban overloads IPTables when you have too many jails, and sends a whole load of commands at once.I attempted to use the workaround making it sleep for a random period of time, but this does not help at all, it still fails like it used to.Any ideas? Fail2ban is a pretty popular app...Ubuntu 9.10.
Code:
$ aptitude show fail2ban
Package: fail2ban
[code]...
View 6 Replies
View Related
Oct 16, 2010
I'm trying to use a technique suggested by a fella at this website....
[URL]
He suggests adding an echo line to the actionban line in order to create or add to a file that will contain a list of all the IP's that fail2ban has banned.....but it doesn't seem to generate any output. .....here is the command.....
actionban = iptables -I fail2ban- 1 -s -j DROP
echo >> /etc/shitlist
I never get any IP's in the file so the echo part does not seem to work.
View 5 Replies
View Related
Sep 14, 2010
i have fail2ban on server but everytime fail2ban conducts a log rotation it unbans all the banned IP's. I have ip's to be banned for a week whenever a log rotation happens or i restart fail2ban i dont want all the ip's released! I was thinking there was a script or patch that would fix this but i have come up short.
View 2 Replies
View Related
Nov 18, 2009
I have been trying for days now to get this to work. didn't want to bother people with my questions, i have installed Fail2Ban 0.8.4 on CentOS 5.4.
I get the email notifications from Fail2Ban stating that it just blocked another IP, however, when i look at the iptables through webmin, nothing is actually in there, also the log/secure file dose not show that the ip has been blocked.
Even when I try to log-in with the wrong password, after a few tries i get the email telling me that my ip is blocked, however, I can still SSH using my 'blocked' IP.
View 7 Replies
View Related
Apr 5, 2011
I have just installed Ubuntu (/dev/sda7) and Debian (/dev/sda4), but since I have updated all informations on Ubuntu, then Debian did not appear anymore on the grub list. There is an wiki I have found, but I an not really sure about what to do.
Here are the boot informations:
Boot Info Script 0.55 dated February 15th, 2010
Boot Info Summary:
=> Grub 2 is installed in the MBR of /dev/sda and looks at sector 488861020
of the same hard drive for core.img, core.img is at this location on
/dev/sda and looks on partition #3 for (,gpt3)/grub.
[Code]...
ps: on this file, it says that the /boot is installed on the MBR and /dev/sda3. I will remove the boot from MBR as I am now using /dev/sda3 instead. Sorry for my english
View 7 Replies
View Related
Jul 17, 2009
I know of 3 at least so far Sidux and GRML and DRBL are there any others that are based on stabel or sid? or what? frugal as in like puppy, tinycore, dsl, etc nomadic like, usb, hd, etc?
View 14 Replies
View Related
Jun 1, 2010
Is it exactly the same? I saw 5'th smoothing and 6'th smoothing. For me - no difference at all. Does anyone have precise technical information?
View 1 Replies
View Related
Jul 7, 2011
I have a Windows domain with a proxy. I have an account that can use the proxy and the URL that points to the proxy.pac file. this might seem a stupid question but can anyone tell me how do I enter the username and password for my test Windows account so that Debian can authenticate it?
View 1 Replies
View Related
Mar 6, 2010
I had (and still do) a working dual-boot XP/Karmic (GRUB version 1.97 beta4). I shrank the Ubuntu partition and set up partitions and installed Debian 5.04. When I got to the point of installing GRUB, I told Debian to install grub to MBR. On rebooting, Ubuntu was not an option on the NEW (looked different) grub menu.Maybe it was GRUB2? Could boot to either XP or Debian though.
Thought easiest thing was to reinstall Ubuntu since it seems to "see" other OS's more reliably. So I did, and installed GRUB again during its install to MBR. Then, all three were in the GRUB menu (version 1.97 beta4 again), but when tried booting to Debian, got an error (forget the wording), but think it was because the partitions got renumbered when installing Ubuntu.
SO, reinstalled Debian, reformatting the partitions but not deleting them first so the numbering stayed the same. When got to the part for installing GRUB, I told it to skip (I got some kind of error that said "Install failed. This is a fatal error. You will have to boot with an external device..."), hoping now the current GRUB would work.
Now, all three were on the GRUB menu, but when I tried to boot Debian, I got "no such device" and a list of numbers/letters after it. And "press any key to continue", which takes you back to the GRUB menu (version 1.97 beta4, by the way).
O.K., did sudo update-grub in ubuntu and rebooted. Now, Debian 5.04 shows as last entry in GRUB, and choosing it starts a boot, which hangs at "Begin: Waiting for root file system....".
Waiting long enough at the "Waiting for root file system..." hang results in a series of notifications:
WARNING bootdevice may be renamed. Try root=dev/hda3
Gave up waiting for root device. Common problems:
-Boot args (cat /proc/cmdline)
-Check rootdelay= (did the system wait long enough?)
-Check root= (did the sytem wait for the right device?)
-Missing modules (cat /proc/modules; ls /dev)
ALERT! /dev/sda3 does not exist. Dropping to a shell!
In Gparted, the partition with Debian root is hdc3, although on the GRUB menu it's listed as /dev/sda3. However, in Gparted the Windows partition is hdc1 and on GRUB it's /dev/sda1, and it boots fine.....
Is my Debian install just borked? Did telling it to skip installing a bootloader (I got some kind of error that said "Install failed. This is a fatal error. You will have to boot with an external device..." ruin it?
If skipping the bootloader install did ruin it, how do you install Debian without borking your current GRUB? That's what happened the first time.
View 5 Replies
View Related
Feb 10, 2011
I have used Debian Linux for two years, most recently the seventh or so iteration of Version 5. I use the Gnome desktop and the Synaptic Package Manager, not the Update Manager, for updates because it's easier to build a log with the former.In my most recent update, Synaptic stripped out all the xserver-xorg files�47 in all. I thought it peculiar but did not know enough to interfere. When I rebooted, the system told me I must install xserver or correct GDM configuration and restart.
Have I been hacked? Am I being tested by the Linux Illuminati? Or does it have something to do with the warning message I received at the end of the update-upgrade, attached? And how do I go about reinstalling xserver? With Aptitude? I have tried running apt-get -f install, to no effect.
View 4 Replies
View Related
Mar 2, 2011
I got two harddisks, sda and sdb. Is it possible to install Debian root into software raid partitions sda2 and sdb1 leaving all other partitions 'normal' (not-raid)? do partitions sda2 and sdb1 need to be exact same size and position?
View 4 Replies
View Related
Apr 20, 2010
I have rtl8187se linux driver, during installation in debian linux it tells that "the kernel is not a generic". How can i install this driver in default debian kernel (without generic)?
View 1 Replies
View Related
Jul 19, 2011
Upon installing Debian, it asked me if it can use a mirror to get updated packages. I said no, yet it ignored my command and fetched packages. Why did Debian disobey me?
View 12 Replies
View Related
Feb 20, 2010
I have been learning Debian by using a virtual machine. After fine-tuning my installation procedure, I decided to copy that installation to my physical system. The hard drive already has another Linux based system installed. I plan to dual boot.After copying files I updated fstab and menu.lst.The partition scheme between the virtual and physical environments are similar, but the partitions are not mapped exactly the same.Thus the Debian system on the physical hard drive fails to boot simply because the initrd is created for the root partition location on the virtual machine. The initrd created in the virtual machine is looking for the root file system on /dev/hda1 whereas on my physical drive the new location is /dev/sda7.How can I rebuild the initrd on the physical system? I started to use the installation DVD in rescue mode, but I did not get too far.
View 6 Replies
View Related
Mar 10, 2010
I down loaded Debian 5.0.4 and burned it to CD (several times I might add till it was right) and now the computer I'm putting it on wont acknowledge it as a boot disk and load. It does not have a problem with my windows cd, which has a crack and the start of all my problems, But not the Debian CD-1 disk. what now? The computer is an IBM thinkpad a22p. Everything works as far as I can tell. But I was going to reinstall Windows and failed in that because of a small crack on the edge of the disk that stopped the install and any hope of accessing the file on the laptop. Microsoft does not support windows xp any longer, you must buy windows 7, but the ibm will not run it due to processor speed and ram limitations. But it will run linux and I'm willing to try it just to get out of microsoft control.
Idon't know what else to do. This is the link to where I downloaded the software ( [URL] ). The others five that i downloaded were on the same page that I got this one. Are there bad files here? Is there a missing file in the disc?
View 4 Replies
View Related
Sep 7, 2010
I have a post in beginners section but maybe I can find some help here.. If you do not mind,please read the following post about my problem.viewtopic.php?f=30&t=55243&p=320093#p319848
View 1 Replies
View Related
Jul 4, 2011
I tend to stay on for long time. My machine is a Fujitsu T4310 tablet. I have got all tablet features previously working properly when I was on Isadora Mint. After installing LMDE to my surprise basic features of the tablet simply worked out of the box but I'm missing a few important features like multitouch, screen rotate and buttons in tablet mode.
As far as my experience with Isadora, it needed a driver called "fjbtndrv", but I couldn't find it in the repos, moreover, I think it might need some tweeks to get it behaving properly. I found some refferences but it refers to other ubuntu based distros, which I can't use of course.
p.s. prefere a solution other than compiling it myself, it looks scary and has lots of dependencies.
View 14 Replies
View Related
Jan 18, 2010
i do have a strange problem get running php5 on lenny 64 inside apache2. i had installed it as all instructions on the web does: # apt-get install php5 libapache2-mod-php5 php5-cli php5-common php5-cgi
apt has enabled php automatically, so
/etc/apache2/mods-enabled/php5.conf does have inside:
<ifmodule mod_php5.c>
AddType application/x-httpd-php .php .phtml .php3
AddType application/x-httpd-php-source .phps
</ifmodule>
[Code]...
View 3 Replies
View Related
