I've got a script that works with Fail2Ban to block repeat offenders via IPTable rules. I'd like to get this working with ISPconfig, but I can't figure out how it determines when to write IPTable rules. Is this information stored in the DB somewhere?
I don't understand why you want to integrate this into ISPConfig when this script works with fail2ban?
I am working on preventing persistent attackers from returning. Right now fail2ban will ban for a set period of time and then unban them. I could increase the time of the ban, but that would affect legitimate users that are bad typists. The other issue is that fail2ban rules get cleared if the server is restarted. Granted, this doesn't happen frequently, but I'd prefer a way to automatically add back in the IP addresses that I've deemed 'dangerous' because of their continued attempts to log in via brute force. What I am currently doing is storing all IP addresses that trigger a fail2ban jail. I can automatically add them to IPTables, but if I do that ISPConfig comes along a short time later and makes it own changes wiping out the changes my script just made. I'd like to be able to integrate with ISPConfig in this regard, but I am not sure where it stores it's rules for what to allow.
Pleae see this thread: http://www.howtoforge.com/forums/showthread.php?t=6209 The method described there for ispconfig 2 should work with ispconfig 3 as well.
