Highest Voted 'fail2ban' Questions - IT Security Stack Exchange

5

votes

3 answers

Does blocking an IP with IP Tables protect you from a DOS (not DDOS) attack?

I am fairly new to network security, and I just learned about the Fail2Ban framework you can use for automated exploit detection/prevention. It says that you can protect yourself from DOS attacks by setting up a rule that will automatically block…

asked Jan 30 '18 at 18:30

Jon Ferguson

53
4

3

votes

1 answer

How should output of fail2ban postfix-sasl look like

I want to be sure that fail2ban is properly banning failed postfix SASL login attempts. When I do iptables -L I can see list of banned hosts for SSHD, but I can't figure out a way to see banned hosts for SASL. postfix SASL is enabled, which I can…

linux ubuntu fail2ban postfix

asked Aug 31 '17 at 20:41

Aleksandar Pavić

272
2
11

2

votes

2 answers

Using fail2ban for detecting suspicious activity whitin a webserver

I know that fail2ban is mostly used for blocking IPs trying to brute force an SSH endpoint and other stuff like that. However, I am wondering if you could also use fail2ban to detect (not necessarily prevent) suspicious activity within a…

webserver fail2ban

asked May 16 '19 at 08:24

cis

255
2
7

2

votes

1 answer

Blocking slowloris using fail2ban, what are the correct parameters?

I have a fail2ban rule for Apache2 logs that which looks like this: [Definition] failregex = ^[^ ]+ .* \[\] "[^\"]*" 408 \d+ This will detect the 408 errors which happen when a TCP connection times out. The following is the Jail definition…

apache fail2ban

asked Apr 07 '17 at 21:36

Alexis Wilke

862
5
19

2

votes

1 answer

Blocking brute forcer with multiple IPs in range

A few weeks ago, I allowed my Linux Server to be connected from the internet for development purposes. My networking knowledge is quite basic. Following some guidelines on securing Linux servers, I have installed Fail2Ban and I also disabled root…

brute-force ip whois fail2ban

asked Jul 30 '16 at 06:14

user118989

1

vote

3 answers

Mailcleaner - Fail2ban - mc-exim-filter configuration

I'm using Fail2ban on a Mailcleaner server which works pretty good, but I want to update it to ban hosts who want to spoof our addresses. I'm using the "original" mc-exim-filter, but I don't really understand how regular expressions work. Here is an…

fail2ban regex

asked Mar 02 '21 at 14:56

Krisztian

13
2

1

vote

1 answer

Bots are using my own static IP to brute force DNS/Email server

My email server has been under constant brute force attack for a while now, without success. Recently, however, these bots or automated scripts have found a way to "use my own static IP" in an attempt to break into the email server. I am running…

linux fail2ban

asked Dec 16 '20 at 12:15

Glen

11
1

1

vote

1 answer

Do I need fail2ban if I have a strong password?

Is there any advantage to me installing fail2ban on my VPS web server? As far as I understood, fail2ban's only purpose is to stop bruteforce and dictionary attacks by preventing consecutive password logins from the same IP addresses. If I have a 12…

passwords ssh fail2ban

asked Jan 22 '20 at 20:49

Alex

67
3

1

vote

1 answer

Access from external network safely to raspberry

I am implementing a home alarm system with raspberry and I need to access it from the external network. The initial idea was to use cascade VPN and ssh (in my university to connect to the cluster I had to first connect to the University network and…

vpn ssh remote-server fail2ban

asked Sep 12 '18 at 07:42

dang92

11
1

1

vote

1 answer

Block hex encoded requests using fail2ban

I have new web server running nginx. The default server is receiving 10K+ requests every day from Russian bots. They are clearly probing for something, but it's hard to say what since the requests are partially hex encoded. I have tried decoding…

attack-prevention shellcode bot fail2ban

asked Aug 10 '18 at 09:09

mattf10

11
1

1

vote

2 answers

Is something like fail2ban necessary for a rate-limited key-only (no password) ssh login?

As far as I understand, bruteforcing ssh is only attempted for passwords, not keys (barring edge cases where presumably the NSA wants to break in). So if a server has disabled (in addition to root login) password authentication on its ssh, is it…

ssh brute-force fail2ban

asked Jul 11 '18 at 06:04

dakini

413
1
3
13

1

vote

0 answers

UFW behind modem does not block remote IP

I have a small linux server with fail2ban and UFW installed and configured behind internet gateway modem which ssh port is forwarded to server. The attackers are discovering by fail2ban and added to iptables and information mail is sent to me, but…

linux firewalls internet fail2ban

asked Mar 15 '17 at 08:01

Sencer H.

111
4

1

vote

1 answer

Does CSF-LFD include a Fail2Ban analogue or should include Fail2Ban at all?

I am not of the field of IS and After reading this CSF-LFD installation document, I've installed CSF-LFD via: cd /usr/src sudo rm -fv csf.tgz sudo wget https://download.configserver.com/csf.tgz sudo tar -xzf csf.tgz cd csf sudo sh install.sh sudo…

fail2ban

asked Nov 14 '16 at 17:42

user123574

1

vote

1 answer

Is it a security risk, lack of knowledge for reactive action, when abuse mail is rejected?

When inspecting the DNS configuration for example with dnsinspect.com, the following shows up sometimes (note I used example.com): Accepts Abuse Address WARNING: Found mail servers which are not accepting emails to abuse@example.com address:…

email dns risk-analysis risk fail2ban

asked Jun 28 '16 at 15:09

Bob Ortiz

6,234
8
43
90

0

votes

1 answer

Block many wrong requests via PHP

I have an API that requires a security token to run. Is it possible to use Fail2Ban or ModEvasive to block access from IPs that often try to access the API with an incorrect token? I use PHP to receive these requests, is it possible with it to…

php api fail2ban

asked Jun 10 '21 at 22:54

Tom

163
4

Questions tagged [fail2ban]