Server :: Fail2ban - Not Banning Apache Scanners

Aug 26, 2010

I've had fail2ban set up for a while for my SSH server, and that works beautifully (I had someone I knew attempt to access it and get banned). However, I then tried to set it up to ban people scanning my webserver for lots of other pages which don't exist (and have never been linked to), such as phpMyAdmin.

In my jail.conf I have:

Code:

However, looking at this I realise I need to edit the filter.d/apache-error.conf.

I'm not sure exactly how to set up the regex to ban the correct hosts.

The errors from the scanners are like this:

Code:


Debian :: Fail2ban Not Banning Pop3d

Dec 2, 2015

I'm getting loads of hacking attempts on my pop3 daemon. Looks like fail2ban is not stopping it. How to ban these types of attacks?

Dec 2 12:14:49 sosaria pop3d: Disconnected, ip=[::ffff:109.81.181.238]
Dec 2 12:14:49 sosaria pop3d: Connection, ip=[::ffff:109.81.181.238]
Dec 2 12:14:49 sosaria pop3d: LOGIN FAILED, user=duky, ip=[::ffff:109.81.181.238]
Dec 2 12:14:54 sosaria pop3d: Disconnected, ip=[::ffff:109.81.181.238]
Dec 2 12:14:54 sosaria pop3d: Connection, ip=[::ffff:109.81.181.238]

[Code] ....

I've got in my /etc/fail2ban/jail.local:

[dovecot]
enabled = true
port = pop3,pop3s,imap,imaps
filter = dovecot
logpath = /var/log/mail.log
maxretry = 3

[Code] .....


CentOS 5 Server :: ClamAV - All Primary Virus Scanners Failed

Jun 21, 2010

I'm having a little trouble with ClamAV. Every time someone sends me an email I get this error in my Webmin Mail Log. Now the mail works and it goes to the quarantine or to the user mailbox, but this error fills up my mail log and I'm assuming it is not using ClamAV virus definitions to scan the mail? How would I get rid of this error?

I checked in my /etc/clamd.conf and I have AllowSupplementaryGroups yes. What can be causing this error?
I am using ClamAV 0.96.1
Spamassassin 3.3.12
PostFix 2.3.3
CentOS 5.5

Jun 21 09:57:53 localhost amavis[10714]: (10714-03) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/amavisd/tmp/amavis-20100621T090618-10714/parts:
lstat() failed: Permission denied. ERROR
Jun 21 09:57:53 localhost amavis[10714]: (10714-03) WARN: all primary virus scanners failed, considering backups
Jun 21 09:58:01 localhost amavis[10714]: (10714-03) SPAM, <lovelovedsert12@yahoo.com> -> <acruel@email.com>, Yes, hits=20.638 tag=6 tag2=7 kill=7
tests=DKIM_ADSP_CUSTOM_MED=0.001, DRUGS_ERECTILE=2.221, FORGED_YAHOO_RCVD=1.022, FREEMAIL_ENVFROM_END_DIGIT=2.223, FREEMAIL_FROM=0.001,
FREEMAIL_REPLYTO=2.775, FREEMAIL_REPLYTO_END_DIGIT=0.98, FSL_HELO_NON_FQDN_1=0.001, HELO_NO_DOMAIN=0.001, INVALID_DATE=0.432, MISSING_MID=0.14,
NML_ADSP_CUSTOM_MED=1.2, RCVD_IN_BRBL_LASTEXT=1.644, RCVD_IN_BSRN=2.5, RCVD_IN_RELAYS_ORDB=3, RDNS_NONE=1.274, TVD_RCVD_SINGLE=1.213,
T_TO_NO_BRKTS_FREEMAIL=0.01, quarantine spam-9665 (maia-spam-quarantine)
Jun 21 09:58:01 localhost amavis[10714]: (10714-03) Blocked SPAM, [212.96.9.34] [212.96.9.34] <lovelovedsert12@yahoo.com> -> <acruel@email.com>, Hits: 20.638, 8508ms


CentOS 5 Server :: Fail2Ban Is Up And Running - IPtables Rules Not Created

Nov 18, 2009

I have been trying for days now to get this to work. I didn't want to bother people with my questions. I have installed Fail2Ban 0.8.4 on CentOS 5.4.

I get the email notifications from Fail2Ban stating that it just blocked another IP; however, when I look at the iptables through Webmin, nothing is actually in there. Also, the log/secure file does not show that the IP has been blocked.

Even when I try to log in with the wrong password, after a few tries I get the email telling me that my IP is blocked; however, I can still SSH using my 'blocked' IP.


Ubuntu :: Banning Users In Empathy?

Jun 13, 2010

Every time I sign into my Empathy accounts, I get buddy requests from the same four people. I have to click "No" on four windows, every time I log in. Is there a way to block users on Empathy so I no longer receive these requests?


CentOS 5 Server :: Apache 'server-status' 404 Not Found + Munin Apache Stats?

Oct 14, 2010

I am trying to solve a problem where Apache stats aren't displaying correctly in Munin. I've run through quite a bit of checks and tests regarding Munin setup, but I think my issue is related to Apache, but my skill set there is lacking.

First, system info:
monitored server:
CentOS 5.3 2.6.18-128.1.1.el5

[code]....


Networking :: Banning Specific Operating Systems From Connecting To Home Routers ?

Dec 9, 2010

I might as well start off by saying that I have the Linux-based Linksys WRT54GL router running the Tomato firmware. I've come up with an idea that I'm not sure is possible. Specifically, setting a router up to ban not by the MAC address of the network card, but by the operating system the machine itself is running.

This way someone could have, say, a laptop dual-booting Windows and Linux and would be unable to access the internal network if they are in Windows. However, if they reboot into Linux (or practically any other OS) they would be able to access the local network safely without the chance of spreading worms and whatever else garbage across the internal network. Similarly, other devices like Xbox 360s, Wiis, etc. would be unaffected since they don't run Windows. [Yes, 360 probably runs some highly modified NT kernel, but almost nothing else is similar to a Windows PC and the whole system is highly locked down by Microsoft, so I'd say it could be an exception.]

I was thinking of specifically banning Windows XP and lower (honestly as f***ed up as I've seen Vista and 7 get, I would consider banning those too...). The idea is to allow, well... everything that isn't Windows (except possibly Win7) to connect wirelessly to the local network.

Unfortunately, I cannot do anything like this just yet, and I'm in the planning stages, trying to figure out if it is even possible. There are unfortunately two computers in the house that aren't mine (one running Windows XP and another Windows 7... go figure, they came with it and either my sister refuses to use anything else or my mom's computer's wireless is a massive PITA to get to work in anything *besides* Windows). My guess is that this is either not possible or would be extremely hard to pull off. What do you guys think?

On the other hand, it would probably be possible to connect two routers to the incoming cable connection, giving them both different settings (SSIDs, WPA passwords, etc.) and only giving Windows users access to the outer router, but it'd be cool to be able to accomplish something like this with one router through its settings.


SUSE / Novell :: Clear Apache Cache Without Restarting Apache Server?

Feb 4, 2010

Does anyone have an idea how to clear the Apache cache without restarting the Apache server?


Server :: Tunnel Apache Virtual Host To An Internal Apache?

Jan 24, 2010

I am upgrading my server and I have a lot of sites. Since I cannot take my server down for a few days, maybe a week, until I manage to migrate all the sites to the new machine, I figured I could migrate them one by one. After migrating one, I would somehow tunnel the requests of that name virtual host to my internal machine. When everything is migrated, I would then switch the machines, update IPs and stuff, and everything will work just fine.

However, I cannot seem to find a way to do this tunneling. Is this at all possible? If not, what alternatives do I have?


Hardware :: Support For Scanners In Ubuntu 9.10

Jan 8, 2010

I'm about to start a project which will take 12 to 18 months to complete. A major part of the project is the use of a scanner; in fact, it cannot proceed without scanner use. I have two scanners: a Canon lide30 and a Medion N11652 with the ability to scan 35mm photographic slides. Xsane does not recognise either of them. From what I've been reading, Ubuntu supports only a few scanners. I've recently purchased a professional photographic printer. While searching for a suitable printer I noted printers are not stand-alone units these days. The units are multifunction; the computer stores have row upon row of different brands and no stand-alone printers. I feel sure these multifunction units' scanning abilities are enabled and used by Linux users out there.


Ubuntu :: Cannot Get Scanners To Work In Maverick With Xsane

Oct 4, 2010

With Lucid I was capable of scanning both with my Epson Perfection 640 U scanner and with my HP-M1120n-MFP network scanner. To get the HP-M1120n to work I had to rename a file; I do not remember which one it was. I do not remember where I found the instructions. I am running HPLIP 3.10.6 with Device Manager 15.0. I did a fresh install of Maverick Beta and I am able to scan neither with the Epson Perfection scanner nor with the M1120n-MFP. As said, both worked with Lucid. As said, I had to rename a file to get the MFP scanner to work. I include screenshots with this post.


Software :: Virus Scanners For A Windows Files

Jan 6, 2011

I'm planning to set up an FTP folder which will be public facing; this will mostly be Windows documents (e.g. .doc files, .exe files, etc.). I do not want my folder to have any Windows-based viruses (or Linux ones for that matter), thus I need a way to prevent infected files being distributed via my FTP. Can anyone recommend a Linux virus scanner which will remove Windows viruses?


Ubuntu :: Fail2ban Bug - Jails Can't Start In IPTables

May 10, 2010

Currently suffering from this bug: If you don't want to read the whole thing, it appears fail2ban overloads IPTables when you have too many jails, and sends a whole load of commands at once. I attempted to use the workaround making it sleep for a random period of time, but this does not help at all; it still fails like it used to. Any ideas? Fail2ban is a pretty popular app... Ubuntu 9.10.

Code:
$ aptitude show fail2ban
Package: fail2ban

[code]...


Ubuntu Servers :: Fail2ban Not Working Postfix?

Sep 28, 2010

My fail2ban won't block relay attempts (it does block ssh).

mail.log contains lots of

Code:
NOQUEUE: reject: RCPT from 118-167-6-196.dynamic.hinet.net[118.167.6.196]: 554 5.7.1 <333@fgytry.myip.org>: Relay access denied
jail.conf

[Code]....


Ubuntu Security :: Fail2ban - Installed But Not Running?

Feb 5, 2011

I installed fail2ban from the Ubuntu Software Center (Ubuntu 10.10) and everything seemed to go fine. But when I try to access the client I get this output:

Code:
wolfgang@Culture:/var/log$ fail2ban-client status
ERROR Unable to contact server. Is it running?

[code]....


Security :: Fail2ban Stops Logs In Auth.log?

Feb 11, 2011

Yesterday I installed fail2ban on my server, and I see I am also not getting logs for the genuine people who log in to my machine in /var/log/auth.log.

It is an Ubuntu server and I had installed fail2ban via apt-get install.

I thought something might be in /var/log/fail2ban.log, but there I do not see anything:

2011-02-10 20:26:35,002 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2011-02-10 20:26:35,003 fail2ban.jail : INFO Creating new jail 'ssh'
2011-02-10 20:26:35,003 fail2ban.jail : INFO Jail 'ssh' uses poller
2011-02-10 20:26:35,031 fail2ban.filter : INFO Added logfile = /var/log/auth.log

[Code].....


CentOS 5 :: Getting Yum To Work With Repo For Fail2ban / Denyhosts?

Sep 9, 2010

I am having issues getting yum to work with the repos for fail2ban and denyhosts. I followed the CentOS link on installing/configuring repos. However, every time I run yum install fail2ban or denyhosts it does not find the software. I read in several Google searches that I should be able to install it using yum. Is that info wrong? These are the links I was reading too from CentOS. [URL]. I know I can download the rpm or a tar file but I would like to keep it in sync with yum if possible. Maybe I have the wrong repo? CentOSPlus is enabled also.


Ubuntu :: Printers And Scanners Have Disappeared, And Thunderbird Will No Longer Load?

Jan 14, 2011

Now it seems as though all of my printers and my scanners have disappeared; also Thunderbird will not open anymore. I find this very strange. I can't even think of why this would happen. When I start Thunderbird it says starting Thunderbird then does nothing. If I try to start it again it says that it's already running, which it is not. I have all of my updates updated. You are using Ubuntu 11.04 - the Natty Narwhal - released in April 2011 and supported until October 2012.


Slackware :: Iscan- Packages On SlackBuilds And EPSON Proprietary Scanners

May 13, 2011

This is déjà vu, but I'm stuck again with an EPSON Perfection 4180 scanner. This is one of those scanners that is supported by the epkowa sane drivers and requires specific firmware.

The SBo packages
iscan-firmware
iscan-free
iscan-proprietary-drivers

should make this scanner usable in Slackware. I had this working on Slackware 13.1 (32 bit); now I am trying to get it going in Slackware64 13.37.

The scanner is detected by sane-find-scanner:

Code:

And somewhat by scanimage -L:

Code:

However this fails to recognize the scanner model (which was ok in 13.1 32 bit) and then it also fails to work with scanning anything (scanimage, or xsane abort and the scanner never makes any noise).

I'm suspecting that there is some problem with the library contained in iscan-proprietary-drivers.


Ubuntu Security :: Block PHP Injection Attacks With Fail2ban

Apr 12, 2010

I'm trying to implement this method to block php injection attack using fail2ban: here it is, however I'm not sure it applies to Ubuntu. You see, there's this filter that must be added to the fail2ban jail file:

HTML Code:
[php-url-fopen]
enabled = true
port = http,https
filter = php-url-fopen

[Code]....


Ubuntu Security :: Fail2ban Bug - Jails Can't Start In IPTables?

May 10, 2010

Currently suffering from this bug: If you don't want to read the whole thing, it appears fail2ban overloads IPTables when you have too many jails, and sends a whole load of commands at once. I attempted to use the workaround making it sleep for a random period of time, but this does not help at all; it still fails like it used to. Any ideas? Fail2ban is a pretty popular app... Ubuntu 9.10.

Code:
$ aptitude show fail2ban
Package: fail2ban

[code]...


Ubuntu Servers :: Creating A List Of Banned IP's With Fail2ban

Oct 16, 2010

I'm trying to use a technique suggested by a fella at this website:

[URL]

He suggests adding an echo line to the actionban line in order to create or add to a file that will contain a list of all the IPs that fail2ban has banned, but it doesn't seem to generate any output. Here is the command:

actionban = iptables -I fail2ban- 1 -s -j DROP
echo >> /etc/shitlist

I never get any IPs in the file, so the echo part does not seem to work.


Fedora Hardware :: Epson Perfection V100 Photo - No Scanners Were Identified

Sep 2, 2010

2.6.33.8-149.fc13.i686

When I was running FC10 my scanner just plugged in and worked. I must have lost something.
lsusb returns:

dmesg sees it. sane-find-scanner says:

scanimage -L returns:

And of course xsane/gimp say Not Avail. I've made sure all the (yum) sane sw is loaded and updated.


General :: Does Not Recognize - No Scanners Detected - Please Check Your Scanner Is Connected And Powered On

Aug 11, 2010

I have an HP Scanjet 3770. Ubuntu 10.04 is installed on my desktop. HPLIP is also installed. This Scanjet works well in Windows XP, but in Ubuntu SimpleScan does not recognize it.

It shows:- No scanners detected Please check your scanner is connected and powered on.

I Also visited [url] & found as below-

ScanJet 3770 Unsupported. While an external binary-only backend exists, it works only on Linux i386. Therefore the scanner is unsupported on other platforms.


Ubuntu Servers :: Fail2ban Conducts A Log Rotation It Unbans All The Banned IP's

Sep 14, 2010

I have fail2ban on my server, but every time fail2ban conducts a log rotation it unbans all the banned IPs. I have IPs to be banned for a week. Whenever a log rotation happens or I restart fail2ban, I don't want all the IPs released! I was thinking there was a script or patch that would fix this but I have come up short.


Hardware :: Multiple Barcode Scanners - Can't Seem To Redirect Output From One To A Specific Instance Of My Program

Sep 30, 2010

I have nine barcode scanners, each of whose input I want to send to a separate instantiation of a program I wrote. Each device shows up as /dev/hidraw_ (I'm using Ubuntu 10.4). The problem is that they all act as simple keyboard input, and I can't seem to redirect the output from one to a specific instance of my program. I've tried something like cat /dev/hidraw5 > ./myapp, and that doesn't work. I've tried actually opening the device in my program using open("/dev/hidraw5"), and it returns success, but subsequent reads don't do anything, and the scanner output is just printed to the console.


CentOS 5 :: Apache Error 403 - "Forbidden You Don't Have Permission To Access /bb/ On This Server" - 5.2 With Apache 2.2.3

Jan 20, 2011

I am installing Big Brother on a CentOS 5.2 running the default Apache 2.2.3. When I try to access any web page I get the following error: Forbidden You don't have permission to access /bb/ on this server. Apache/2.2.3 (CentOS) Server at fmsubbnix Port 80 So far I have:

1) Set the Directory options to FollowSymLinks
2) Verified all directory and file permissions are at 755
3) Set permissions temporarily to 777 and received same error so I am assuming the issue is in a config file somewhere
4) In httpd.conf verified <Files ~ "^.ht"> is correct
5) Verified the "default" directory is correct (/var/www/html)

I have read and tried several ideas in posts listed on the web but to no avail, and am at a loss as to what to look for next.


Server :: Server Slow : Apache Mysql Fine Tuning Server For Faster And More Responsive?

Apr 21, 2011

I'm running a linux cloud server with the following config
1.2ghz Processor allocation
752MB Ram

The site loads slow and clicking a link almost freezes the page for a second. Also, the page loads could be much faster. We've been running mysqltuner and have pretty much optimized all slow queries. Is there anything we can do to fine tune the server for faster and more responsive?

Httpd.conf

Timeout 20
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 5
<IfModule prefork.c>
code....


Ubuntu Servers :: Writing Specialization Work About Administration Apache And Ftp Server On 10:10 Server?

May 22, 2011

Does anyone have some material about statistics using Ubuntu / Linux server, or a text which generally describes the Ubuntu server? I need it urgently; I'm writing specialization work about administration of Apache and FTP server on Ubuntu 10:10 server, so I need something for the conclusion.


Server :: Config Apache Server To List Php, C/c++, Java Files As Regular Txt On Website?

Feb 2, 2011

I try to config my apache server to list all my files: c/c++, php, java files, like the txt file on my server,

e.g /var/www/mydomain/pub

i want to dump all my c/c++, php, java file under the pub directory and I can access it from my domain name,

if I dump txt file, I have no problem to view it, but when I dump c/c++ or php files under pub directory, then I can't view it like regular txt file,

Q: Is there any way I can configure my Apache server to view all the C/C++, PHP, Java files like a txt file?








Copyrights 2005-15 www.BigResource.com, All rights reserved