FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 09-28-2008, 03:41 AM
Karl Pearson
 
Default Fail2Ban?

I've installed fail2ban and it's working nicely. I lengthened out the
ban-time because I run a very busy server. As part of that, I removed root
ssh access, because it's just about time.


On a side note, before I get to my question, I wrote before because
ForwardX11 wasn't working. I solved it by removing and re-installing
openssh-server and openssh-clients. Well, it quit working again after the
next reboot, which is coming more often than I'd like because of it being
new. In any case, after disabling root login, it hasn't failed yet.


My question is: Do you know a good method of denying access to non-captcha
forms using fail2ban. If you've used it, and have it working, I'd like to
know. I've checked online and found easy ways to prevent login-enabled
form access, but these are public forms and don't require a login.


Thanks,

---
_/ _/ _/ _/_/_/ ____________ __o
_/ _/ _/ _/ _/ ____________ _-<._
_/_/ _/ _/_/_/ (_)/ (_)
_/ _/ _/ _/ ......................
_/ _/ arl _/_/_/ _/ earson KarlP@ourldsfamily.com
---
http://consulting.ourldsfamily.com
---
"To mess up your Linux PC, you have to really work at it;
to mess up a microsoft PC you just have to work on it."
---



_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@redhat.com
Subject: unsubscribe
 
Old 09-28-2008, 12:15 PM
Bob McClure Jr
 
Default Fail2Ban?

On Sat, Sep 27, 2008 at 09:41:35PM -0600, Karl Pearson wrote:
> I've installed fail2ban and it's working nicely. I lengthened out the
> ban-time because I run a very busy server. As part of that, I removed root
> ssh access, because it's just about time.
>
> On a side note, before I get to my question, I wrote before because
> ForwardX11 wasn't working. I solved it by removing and re-installing
> openssh-server and openssh-clients. Well, it quit working again after the
> next reboot, which is coming more often than I'd like because of it being
> new. In any case, after disabling root login, it hasn't failed yet.
>
> My question is: Do you know a good method of denying access to non-captcha
> forms using fail2ban. If you've used it, and have it working, I'd like to
> know. I've checked online and found easy ways to prevent login-enabled
> form access, but these are public forms and don't require a login.

I don't know if this fits your problem or not, but it has pretty much
eliminated my form-spam problem without resorting to CAPTCHA. The
technique was described in SysAdmin April 2007, page 30. Add a
TEXTAREA field to your form, labeled "comments" or something common,
perhaps ahead of any other TEXTAREA field. Make it invisible by
adding 'style="display: none"' to its tag. For real humans, the field
is not there, but form bots will see it and poke their spam into it.
So then if your form processor sees that the invisible field is filled
in, it can ignore it, blacklist the IP, or anything else you care to
devise.

> Thanks,
>
> ---
> _/ _/ _/ _/_/_/ ____________ __o
> _/ _/ _/ _/ _/ ____________ _-<._
> _/_/ _/ _/_/_/ (_)/ (_)
> _/ _/ _/ _/ ......................
> _/ _/ arl _/_/_/ _/ earson KarlP@ourldsfamily.com
> ---
> http://consulting.ourldsfamily.com
> ---
> "To mess up your Linux PC, you have to really work at it;
> to mess up a microsoft PC you just have to work on it."
> ---

Cheers,
--
Bob McClure, Jr. Bobcat Open Systems, Inc.
bob@bobcatos.com http://www.bobcatos.com
[S]o Christ was sacrificed once to take away the sins of many people;
and he will appear a second time, not to bear sin, but to bring
salvation to those who are waiting for him. Hebrews 9:28 (NIV)

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@redhat.com
Subject: unsubscribe
 
Old 09-28-2008, 09:33 PM
Karl Pearson
 
Default Fail2Ban?

On Sun, 28 Sep 2008, Bob McClure Jr wrote:


On Sat, Sep 27, 2008 at 09:41:35PM -0600, Karl Pearson wrote:

I've installed fail2ban and it's working nicely. I lengthened out the
ban-time because I run a very busy server. As part of that, I removed root
ssh access, because it's just about time.

On a side note, before I get to my question, I wrote before because
ForwardX11 wasn't working. I solved it by removing and re-installing
openssh-server and openssh-clients. Well, it quit working again after the
next reboot, which is coming more often than I'd like because of it being
new. In any case, after disabling root login, it hasn't failed yet.

My question is: Do you know a good method of denying access to non-captcha
forms using fail2ban. If you've used it, and have it working, I'd like to
know. I've checked online and found easy ways to prevent login-enabled
form access, but these are public forms and don't require a login.


I don't know if this fits your problem or not, but it has pretty much
eliminated my form-spam problem without resorting to CAPTCHA. The
technique was described in SysAdmin April 2007, page 30. Add a
TEXTAREA field to your form, labeled "comments" or something common,
perhaps ahead of any other TEXTAREA field. Make it invisible by
adding 'style="display: none"' to its tag. For real humans, the field
is not there, but form bots will see it and poke their spam into it.
So then if your form processor sees that the invisible field is filled
in, it can ignore it, blacklist the IP, or anything else you care to
devise.


Very nice. I'll give that a try. I do have comment fields now, but adding
one that is blank will be a dead giveaway.


So, SysAdmin, huh? I've been a subscriber to Linux Journal for years, but
not SysAdmin. Send me some info for them.


Thanks,

Karl




Thanks,

---
_/ _/ _/ _/_/_/ ____________ __o
_/ _/ _/ _/ _/ ____________ _-<._
_/_/ _/ _/_/_/ (_)/ (_)
_/ _/ _/ _/ ......................
_/ _/ arl _/_/_/ _/ earson KarlP@ourldsfamily.com
---
http://consulting.ourldsfamily.com
---
"To mess up your Linux PC, you have to really work at it;
to mess up a microsoft PC you just have to work on it."
---


Cheers,
--
Bob McClure, Jr. Bobcat Open Systems, Inc.
bob@bobcatos.com http://www.bobcatos.com
[S]o Christ was sacrificed once to take away the sins of many people;
and he will appear a second time, not to bear sin, but to bring
salvation to those who are waiting for him. Hebrews 9:28 (NIV)

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@redhat.com
Subject: unsubscribe



---
_/ _/ _/ _/_/_/ ____________ __o
_/ _/ _/ _/ _/ ____________ _-<._
_/_/ _/ _/_/_/ (_)/ (_)
_/ _/ _/ _/ ......................
_/ _/ arl _/_/_/ _/ earson KarlP@ourldsfamily.com
---
http://consulting.ourldsfamily.com
---
"To mess up your Linux PC, you have to really work at it;
to mess up a microsoft PC you just have to work on it."
---

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@redhat.com
Subject: unsubscribe
 
Old 09-28-2008, 10:31 PM
Bob McClure Jr
 
Default Fail2Ban?

On Sun, Sep 28, 2008 at 03:33:27PM -0600, Karl Pearson wrote:
> On Sun, 28 Sep 2008, Bob McClure Jr wrote:
>
> >On Sat, Sep 27, 2008 at 09:41:35PM -0600, Karl Pearson wrote:
> >>I've installed fail2ban and it's working nicely. I lengthened out the
> >>ban-time because I run a very busy server. As part of that, I removed root
> >>ssh access, because it's just about time.
> >>
> >>On a side note, before I get to my question, I wrote before because
> >>ForwardX11 wasn't working. I solved it by removing and re-installing
> >>openssh-server and openssh-clients. Well, it quit working again after the
> >>next reboot, which is coming more often than I'd like because of it being
> >>new. In any case, after disabling root login, it hasn't failed yet.
> >>
> >>My question is: Do you know a good method of denying access to non-captcha
> >>forms using fail2ban. If you've used it, and have it working, I'd like to
> >>know. I've checked online and found easy ways to prevent login-enabled
> >>form access, but these are public forms and don't require a login.
> >
> >I don't know if this fits your problem or not, but it has pretty much
> >eliminated my form-spam problem without resorting to CAPTCHA. The
> >technique was described in SysAdmin April 2007, page 30. Add a
> >TEXTAREA field to your form, labeled "comments" or something common,
> >perhaps ahead of any other TEXTAREA field. Make it invisible by
> >adding 'style="display: none"' to its tag. For real humans, the field
> >is not there, but form bots will see it and poke their spam into it.
> >So then if your form processor sees that the invisible field is filled
> >in, it can ignore it, blacklist the IP, or anything else you care to
> >devise.
>
> Very nice. I'll give that a try. I do have comment fields now, but adding
> one that is blank will be a dead giveaway.

Umm, I don't understand. How so?

To real humans it never shows up. It's not there. But to bots that
simply read HTML and don't grok CSS, it's another textarea field.
I suggested putting it ahead of any other textarea fields, because I
don't know if they fill in all textarea fields, or the first one they
find, or what.

> So, SysAdmin, huh? I've been a subscriber to Linux Journal for years, but
> not SysAdmin. Send me some info for them.

Alas, they ceased publication July '07, however their website is still
up at

http://www.samag.com/

and they still advertise their back-issue CD-ROM which covers
1992-2006, which also includes _The Perl Journal_ from 1996-2002.

> Thanks,
>
> Karl
>
> >
> >Cheers,
> >--
> >Bob McClure, Jr.
> ---
> _/ _/ _/ _/_/_/ ____________ __o
> _/ _/ _/ _/ _/ ____________ _-<._
> _/_/ _/ _/_/_/ (_)/ (_)
> _/ _/ _/ _/ ......................
> _/ _/ arl _/_/_/ _/ earson KarlP@ourldsfamily.com
> ---
> http://consulting.ourldsfamily.com
> ---
> "To mess up your Linux PC, you have to really work at it;
> to mess up a microsoft PC you just have to work on it."
> ---

Cheers,
--
Bob McClure, Jr. Bobcat Open Systems, Inc.
bob@bobcatos.com http://www.bobcatos.com
[S]o Christ was sacrificed once to take away the sins of many people;
and he will appear a second time, not to bear sin, but to bring
salvation to those who are waiting for him. Hebrews 9:28 (NIV)

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@redhat.com
Subject: unsubscribe
 
Old 09-29-2008, 12:25 AM
Karl Pearson
 
Default Fail2Ban?

On Sun, 28 Sep 2008, Bob McClure Jr wrote:


On Sun, Sep 28, 2008 at 03:33:27PM -0600, Karl Pearson wrote:

On Sun, 28 Sep 2008, Bob McClure Jr wrote:


On Sat, Sep 27, 2008 at 09:41:35PM -0600, Karl Pearson wrote:

I've installed fail2ban and it's working nicely. I lengthened out the
ban-time because I run a very busy server. As part of that, I removed root
ssh access, because it's just about time.

On a side note, before I get to my question, I wrote before because
ForwardX11 wasn't working. I solved it by removing and re-installing
openssh-server and openssh-clients. Well, it quit working again after the
next reboot, which is coming more often than I'd like because of it being
new. In any case, after disabling root login, it hasn't failed yet.

My question is: Do you know a good method of denying access to non-captcha
forms using fail2ban. If you've used it, and have it working, I'd like to
know. I've checked online and found easy ways to prevent login-enabled
form access, but these are public forms and don't require a login.


I don't know if this fits your problem or not, but it has pretty much
eliminated my form-spam problem without resorting to CAPTCHA. The
technique was described in SysAdmin April 2007, page 30. Add a
TEXTAREA field to your form, labeled "comments" or something common,
perhaps ahead of any other TEXTAREA field. Make it invisible by
adding 'style="display: none"' to its tag. For real humans, the field
is not there, but form bots will see it and poke their spam into it.
So then if your form processor sees that the invisible field is filled
in, it can ignore it, blacklist the IP, or anything else you care to
devise.


Very nice. I'll give that a try. I do have comment fields now, but adding
one that is blank will be a dead giveaway.


Umm, I don't understand. How so?


Because it's hidden. And the ones I've gotten have all the fields filled
in. The bot doesn't know when to stop, so when I get the field that should
be empty, and isn't, I take action. Do I have that right?




To real humans it never shows up. It's not there. But to bots that
simply read HTML and don't grok CSS, it's another textarea field.
I suggested putting it ahead of any other textarea fields, because I
don't know if they fill in all textarea fields, or the first one they
find, or what.


So, SysAdmin, huh? I've been a subscriber to Linux Journal for years, but
not SysAdmin. Send me some info for them.


Alas, they ceased publication July '07, however their website is still
up at

http://www.samag.com/

and they still advertise their back-issue CD-ROM which covers
1992-2006, which also includes _The Perl Journal_ from 1996-2002.


Thanks,

Karl



Cheers,
--
Bob McClure, Jr.

---
_/ _/ _/ _/_/_/ ____________ __o
_/ _/ _/ _/ _/ ____________ _-<._
_/_/ _/ _/_/_/ (_)/ (_)
_/ _/ _/ _/ ......................
_/ _/ arl _/_/_/ _/ earson KarlP@ourldsfamily.com
---
http://consulting.ourldsfamily.com
---
"To mess up your Linux PC, you have to really work at it;
to mess up a microsoft PC you just have to work on it."
---


Cheers,
--
Bob McClure, Jr. Bobcat Open Systems, Inc.
bob@bobcatos.com http://www.bobcatos.com
[S]o Christ was sacrificed once to take away the sins of many people;
and he will appear a second time, not to bear sin, but to bring
salvation to those who are waiting for him. Hebrews 9:28 (NIV)

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@redhat.com
Subject: unsubscribe



---
_/ _/ _/ _/_/_/ ____________ __o
_/ _/ _/ _/ _/ ____________ _-<._
_/_/ _/ _/_/_/ (_)/ (_)
_/ _/ _/ _/ ......................
_/ _/ arl _/_/_/ _/ earson KarlP@ourldsfamily.com
---
http://consulting.ourldsfamily.com
---

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@redhat.com
Subject: unsubscribe
 
Old 09-29-2008, 12:32 AM
Bob McClure Jr
 
Default Fail2Ban?

On Sun, Sep 28, 2008 at 06:25:21PM -0600, Karl Pearson wrote:
> On Sun, 28 Sep 2008, Bob McClure Jr wrote:
>
> >On Sun, Sep 28, 2008 at 03:33:27PM -0600, Karl Pearson wrote:
> >>On Sun, 28 Sep 2008, Bob McClure Jr wrote:
> >>
> >>>On Sat, Sep 27, 2008 at 09:41:35PM -0600, Karl Pearson wrote:
> >>>>I've installed fail2ban and it's working nicely. I lengthened out the
> >>>>ban-time because I run a very busy server. As part of that, I removed
> >>>>root
> >>>>ssh access, because it's just about time.
> >>>>
> >>>>On a side note, before I get to my question, I wrote before because
> >>>>ForwardX11 wasn't working. I solved it by removing and re-installing
> >>>>openssh-server and openssh-clients. Well, it quit working again after
> >>>>the
> >>>>next reboot, which is coming more often than I'd like because of it
> >>>>being
> >>>>new. In any case, after disabling root login, it hasn't failed yet.
> >>>>
> >>>>My question is: Do you know a good method of denying access to
> >>>>non-captcha
> >>>>forms using fail2ban. If you've used it, and have it working, I'd like
> >>>>to
> >>>>know. I've checked online and found easy ways to prevent login-enabled
> >>>>form access, but these are public forms and don't require a login.
> >>>
> >>>I don't know if this fits your problem or not, but it has pretty much
> >>>eliminated my form-spam problem without resorting to CAPTCHA. The
> >>>technique was described in SysAdmin April 2007, page 30. Add a
> >>>TEXTAREA field to your form, labeled "comments" or something common,
> >>>perhaps ahead of any other TEXTAREA field. Make it invisible by
> >>>adding 'style="display: none"' to its tag. For real humans, the field
> >>>is not there, but form bots will see it and poke their spam into it.
> >>>So then if your form processor sees that the invisible field is filled
> >>>in, it can ignore it, blacklist the IP, or anything else you care to
> >>>devise.
> >>
> >>Very nice. I'll give that a try. I do have comment fields now, but adding
> >>one that is blank will be a dead giveaway.
> >
> >Umm, I don't understand. How so?
>
> Because it's hidden. And the ones I've gotten have all the fields filled
> in. The bot doesn't know when to stop, so when I get the field that should
> be empty, and isn't, I take action. Do I have that right?

Oh, okay, I understand. It's a dead giveaway to you. Yes, you have
it precisely right.

> >To real humans it never shows up. It's not there. But to bots that
> >simply read HTML and don't grok CSS, it's another textarea field.
> >I suggested putting it ahead of any other textarea fields, because I
> >don't know if they fill in all textarea fields, or the first one they
> >find, or what.
> >
> >>So, SysAdmin, huh? I've been a subscriber to Linux Journal for years, but
> >>not SysAdmin. Send me some info for them.
> >
> >Alas, they ceased publication July '07, however their website is still
> >up at
> >
> >http://www.samag.com/
> >
> >and they still advertise their back-issue CD-ROM which covers
> >1992-2006, which also includes _The Perl Journal_ from 1996-2002.
> >
> >>Thanks,
> >>
> >>Karl
> >>
> >>>
> >>>Cheers,
> >>>--
> >>>Bob McClure, Jr.
> >
> >Cheers,
> >--
> >Bob McClure, Jr.
> ---
> _/ _/ _/ _/_/_/ ____________ __o
> _/ _/ _/ _/ _/ ____________ _-<._
> _/_/ _/ _/_/_/ (_)/ (_)
> _/ _/ _/ _/ ......................
> _/ _/ arl _/_/_/ _/ earson KarlP@ourldsfamily.com
> ---
> http://consulting.ourldsfamily.com
> ---

Cheers,
--
Bob McClure, Jr. Bobcat Open Systems, Inc.
bob@bobcatos.com http://www.bobcatos.com
[S]o Christ was sacrificed once to take away the sins of many people;
and he will appear a second time, not to bear sin, but to bring
salvation to those who are waiting for him. Hebrews 9:28 (NIV)

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@redhat.com
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@redhat.com
Subject: unsubscribe
 

Thread Tools




All times are GMT. The time now is 03:51 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org