I am receiving the entries below in my mail log on a regular basis, sometimes many times in one day. This IP address is not the only one making this attempt; there are several. Is this a problem or potential problem? Is there a way to block all attempts from these IP addresses?
No, that's normal. These are just some guys who want to use your server to send spam. There are several ways; one way is:
/sbin/route add -host 124.8.106.88 reject
Or you take a look at fail2ban and denyhosts.
fail2ban permanently banning persistent offenders
I have fail2ban installed and working; it is banning relay access attempts amongst others. However, I have several IPs that are being persistent and have worked out that they are only banned for a while, so they try, and when they get banned they wait for a bit and then try again after they have been unbanned. I know that I can block IPs with iptables manually and I have tried this; however, some program on my system (and I think it was fail2ban) has rewritten the iptables and removed all of my additions.
I went back to the fail2ban documentation to see if there was anything I could do. In the documentation it says that you can ban “temporarily or permanently”. I have the temporary banning working; what I want is a way of permanently banning persistent offenders. Does anyone know how to block persistent offenders with fail2ban?
Thanks in advance. Cat
As far as I know, fail2ban can ban temporarily or persistently, but I don't think that it can ban only some IPs temporarily. What you might use to ban some IPs permanently is this command, which should not collide with the fail2ban iptables rules:
/sbin/route add -host 192.168.0.1 reject
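An added example (not from the thread and not fail2ban's own code): it counts Ban entries per address in fail2ban.log text and builds the /sbin/route command quoted above for addresses that keep coming back. The log layout, the `min_bans` threshold and the `never_block` list are assumptions, and the sample log is constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed log layout: the jail name in square brackets, then "Ban <address>"
# at the end of the line. "Unban" lines do not match this pattern.
BAN_LINE = re.compile(r"\[(?P<jail>[^\]\s]+)\]\s+Ban\s+(?P<ip>\S+)\s*$")

# Constructed sample log (documentation-range addresses, not real data).
SAMPLE_LOG = """\
2012-03-01 08:10:11,120 fail2ban.actions: WARNING [postfix] Ban 203.0.113.7
2012-03-01 08:20:11,455 fail2ban.actions: WARNING [postfix] Unban 203.0.113.7
2012-03-01 09:02:40,301 fail2ban.actions: WARNING [postfix] Ban 203.0.113.7
2012-03-01 09:05:02,812 fail2ban.actions: WARNING [ssh] Ban 198.51.100.23
2012-03-01 09:12:40,933 fail2ban.actions: WARNING [postfix] Unban 203.0.113.7
2012-03-01 11:47:19,004 fail2ban.actions: WARNING [postfix] Ban 203.0.113.7
2012-03-01 11:50:00,100 fail2ban.actions: WARNING [postfix] Ban 127.0.0.1
2012-03-01 11:51:00,100 fail2ban.actions: WARNING [postfix] Ban 127.0.0.1
2012-03-01 11:52:00,100 fail2ban.actions: WARNING [postfix] Ban 127.0.0.1
2012-03-01 11:53:00,100 fail2ban.actions: WARNING [postfix] Ban 203.0.113.9;x
"""


def repeat_offenders(log_text, min_bans=3, never_block=("127.0.0.0/8",)):
    """Return {ip: ban_count} for IPv4 addresses banned at least min_bans times."""
    skip = [ipaddress.ip_network(n) for n in never_block]
    counts = Counter()
    for line in log_text.splitlines():
        m = BAN_LINE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a plain address: never let it reach a command line
        if ip.version != 4 or any(ip in net for net in skip):
            continue  # skip IPv6 and addresses we must not lock out
        counts[str(ip)] += 1
    return {ip: n for ip, n in counts.items() if n >= min_bans}


def route_commands(offenders):
    """Build the reject-route command from the thread for each offender."""
    return [f"/sbin/route add -host {ip} reject" for ip in sorted(offenders)]


if __name__ == "__main__":
    print("\n".join(route_commands(repeat_offenders(SAMPLE_LOG))))
```

Review the printed commands before running them as root, and put your own management addresses in `never_block`.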
I am unsure that fail2ban is working
fail2ban was updated a day or two ago when I ran update manager. This usually does not cause any problems. After the update I noticed some new information when I ran iptables -L
From iptables -L
Is this correct or is there a problem with fail2ban? I also noticed in the fail2ban.log
From fail2ban.log
There does not seem to be anything banning these attempts. When fail2ban used to ban things it would put “ban” on the end of the line; I don’t see that any more. I created a jail.local and added the jails from Falko's how-to on setting up fail2ban on Debian. However, I had to make most of them “enabled = false” because I got the following error messages.
From fail2ban.log
I have read everything I can but I can't find anything that seems to make a difference. Does anyone have any ideas?
from mail.log
Also, a separate issue: I am getting lots of entries like below in my mail.log file. Is there a problem there, and if not, is there a way to stop them from being generated?
From mail.log
Thanks for your help, cat
Hi
AD Code 1: that is normal, but your fail2ban does not have a jail enabled, so it doesn't do anything.
AD Code 2: that isn't normal; please check the configuration of your fail2ban jails and log paths.
AD Code 3: connections from localhost are normal; those are ISPConfig service check attempts.
Try to configure and understand the fail2ban settings, enable only the rules you need, and add your IP to the ignoreip list, because you can be banned too while configuring and making tests.
/sbin/route is a command and not a file to add something to. Just execute the command as it is shown in my post; just replace the IP with the IP that shall be banned.
Yes. That's the way routing works in Linux. The routes are stored within the kernel memory. See man route as I suggested above!