FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 10-06-2008, 04:48 PM
Thierry Chatelet
 
Default how to block 'rogue' attemps from China

On Monday 06 October 2008 18:23:35 H.S. wrote:
> Hello,
>
> On my Debian server I run at home, I notice that there are numerous
> attempts at trying to access some php pages or trying use my server as a
> proxy. Some examples:
>
> be a good idea.
>
> Regards.


fail2ban?


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 10-06-2008, 04:54 PM
"H. S."
 
Default how to block 'rogue' attemps from China

On Mon, Oct 6, 2008 at 12:48 PM, Thierry Chatelet <tchatelet@free.fr> wrote:





fail2ban?




hmm ... looks interesting. What about the cpu usage? My router is an old Debian machine, intel 450 MHz and 375 MB RAM.
 
Old 10-06-2008, 04:58 PM
Thierry Chatelet
 
Default how to block 'rogue' attemps from China

On Monday 06 October 2008 18:54:57 H. S. wrote:
> On Mon, Oct 6, 2008 at 12:48 PM, Thierry Chatelet <tchatelet@free.fr> wrote:
> > fail2ban?
>
> hmm ... looks interesting. What about the cpu usage? My router is an old
> Debian machine, intel 450 MHz and 375 MB RAM.

Not a clue. I am using it on a rented server which is relatively powerfull, so
I never cared about it.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 10-06-2008, 06:11 PM
Juha Tuuna
 
Default how to block 'rogue' attemps from China

Thierry Chatelet wrote:
>> fail2ban?
> hmm ... looks interesting. What about the cpu usage? My router is an old
> Debian machine, intel 450 MHz and 375 MB RAM.

I run fail2ban on a 262MHz Amd K6-2 with 48MiB of RAM. Works nicely.

--
Juha Tuuna


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 10-06-2008, 06:36 PM
"H.S."
 
Default how to block 'rogue' attemps from China

Juha Tuuna wrote:
> Thierry Chatelet wrote:
>>> fail2ban?
>> hmm ... looks interesting. What about the cpu usage? My router is an old
>> Debian machine, intel 450 MHz and 375 MB RAM.
>
> I run fail2ban on a 262MHz Amd K6-2 with 48MiB of RAM. Works nicely.
>

Thanks, this is very helpful in fixing some sort of a reference.

I have installed fail2ban and now I am waiting to catch some fish

For the Koha log, I get the following typically:

[Mon Oct 06 01:00:03 2008] [error] [client 222.187.221.83] script
'/home/tmpuser/koha/opac/htdocs/prx1.php' not found or unable to stat
[Mon Oct 06 07:59:19 2008] [error] [client 222.187.221.113] script
'/home/tmpuser/koha/opac/htdocs/prx1.php' not found or unable to stat
[Mon Oct 06 12:29:20 2008] [error] [client 221.192.199.36] File does not
exist: /home/tmpuse/koha/opac/htdocs/myproxies


I am using the following stanza for it in my jail file of fail2ban:
[koha]

enabled = true
port = http,https
filter = my-koha.conf
logpath = /home/tmpuser/koha/var/log*error_log
maxretry = 2



with this filter:
failregex = error.*client <HOST>.*script.*not found or unable to stat$


Am I on the right track? (I am not familiar with regexp in Python).

Thanks.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 05:28 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org