[SAC] fail2ban based trac spam filter

Markus Neteler neteler at osgeo.org
Thu May 5 07:25:21 PDT 2016 

On Wed, May 4, 2016 at 4:21 PM, Sandro Santilli <strk at keybit.net> wrote:
> FYI, on trac.osgeo.org I've added a trac-specific fail2ban
> jail configuration to ban hosts which attempt to create
> spam-looking wiki pages.
>
> Right now the filter is very simple, it won't catch every
> spam attack and the ban will only last 10 minutes. I'm a bit
> afraid about testing it as I suspect (but didn't test to confirm
> that being banned by fail2ban would mean being banned from any
> service, including ssh).

Cool, seems to do something:

...
2016-05-05 05:26:42,111 fail2ban.actions: WARNING [osgeo-trac-spam]
Ban xx.171.75.116
2016-05-05 05:34:52,759 fail2ban.actions: WARNING [osgeo-trac-spam]
Ban xx.16.26.206
2016-05-05 05:35:45,956 fail2ban.actions: WARNING [osgeo-trac-auth]
Unban xx.177.75.66
2016-05-05 05:40:19,168 fail2ban.actions: WARNING [osgeo-trac-spam]
Ban xx.171.75.171
2016-05-05 06:03:01,778 fail2ban.actions: WARNING [osgeo-trac-spam]
Ban xx.108.224.46
2016-05-05 06:19:24,002 fail2ban.actions: WARNING [osgeo-trac-auth]
Ban xx.237.93.16
2016-05-05 06:29:24,692 fail2ban.actions: WARNING [osgeo-trac-auth]
Unban xx.237.93.16
2016-05-05 06:33:50,615 fail2ban.actions: WARNING [ssh] Ban xx.186.21.218
2016-05-05 06:43:51,378 fail2ban.actions: WARNING [ssh] Unban xx.186.21.218
2016-05-05 06:44:42,445 fail2ban.actions: WARNING [ssh] Ban xx.186.21.218
2016-05-05 06:46:35,046 fail2ban.actions: WARNING [osgeo-trac-auth]
Ban xx.68.244.160
2016-05-05 06:50:58,353 fail2ban.actions: WARNING [osgeo-trac-auth]
Ban xx.62.124.32
2016-05-05 06:54:43,196 fail2ban.actions: WARNING [ssh] Unban xx.186.21.218
2016-05-05 06:56:35,802 fail2ban.actions: WARNING [osgeo-trac-auth]
Unban xx.68.244.160
2016-05-05 06:57:24,940 fail2ban.actions: WARNING [osgeo-trac-spam]
Ban xx.238.234.84
2016-05-05 07:00:59,163 fail2ban.actions: WARNING [osgeo-trac-auth]
Unban xx.62.124.32
2016-05-05 07:01:04,276 fail2ban.actions: WARNING [osgeo-trac-auth]
Ban xx.76.111.245
2016-05-05 07:07:47,727 fail2ban.actions: WARNING [osgeo-trac-spam]
Ban xx.151.180.142
...

Markus

More information about the Sac mailing list