Is there an easy way to ban IP s ?

Discussion in 'Installation/Configuration' started by aceyzeriat, Aug 20, 2007.

  1. aceyzeriat

    aceyzeriat New Member

    Has somebody already tried to install DenyHost or another IP banning tool on an ISP_Config install ?

    Thanks,
    Arnaud
     
    aceyzeriat, Aug 20, 2007
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes. Denyhosts and fail2ban work fine.
     
    till, Aug 20, 2007
    #2
  3. aceyzeriat

    aceyzeriat New Member

    Hi Till and thanks for the fast answer,
    Do you know if there is any chance that an IP Banning tool will be installed directly in future ISP_Config releases ?

    regards,
    Arnaud
     
    aceyzeriat, Aug 20, 2007
    #3
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    I dont think that we will integrate this. It does not make much sense to bundle such a software when it can be easily installed separately.
     
    till, Aug 21, 2007
    #4
  5. aceyzeriat

    aceyzeriat New Member

    Ok Done and ....
    It was easily installed.

    So far it brought a brutal end to SSH attacks attempts

    Now I need to find a solution against my SMTP brute force hackers/spammers

    Thanks Till,


    Arnaud
     
    aceyzeriat, Aug 23, 2007
    #5
  6. falko

    falko Super Moderator Howtoforge Staff

    I think you can use fail2ban for it.
     
    falko, Aug 24, 2007
    #6
  7. aceyzeriat

    aceyzeriat New Member

    Ok, I have installed fail2ban in addition to DenyHost.
    in the postfix filter I have replaced the regexp by the recommended :
    failregex = reject: RCPT from (.*)\[<HOST>\]: 550 5.1.1
    reject: RCPT from (.*)\[<HOST>\]: 450 4.7.1
    reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1

    Is there a way to share informatoin about attacking IPs like DenyHost ?
    I find that fail2ban and DenyHost are quiet complementary to each other.

    regards,
    Arnaud
     
    aceyzeriat, Aug 27, 2007
    #7

Share This Page