[SAC] fail2ban based trac spam filter

Alex M tech_dev at wildintellect.com
Thu May 5 09:56:13 PDT 2016 

Markus,

While we're at it could you make a fail2ban filter for the
ldap_create_user page?

Thanks,
Alex

On 05/05/2016 10:25 AM, Markus Neteler wrote:
> On Wed, May 4, 2016 at 4:21 PM, Sandro Santilli <strk at keybit.net> wrote:
>> FYI, on trac.osgeo.org I've added a trac-specific fail2ban
>> jail configuration to ban hosts which attempt to create
>> spam-looking wiki pages.
>>
>> Right now the filter is very simple, it won't catch every
>> spam attack and the ban will only last 10 minutes. I'm a bit
>> afraid about testing it as I suspect (but didn't test to confirm
>> that being banned by fail2ban would mean being banned from any
>> service, including ssh).
> 
> Cool, seems to do something:
> 
> ...
> 2016-05-05 05:26:42,111 fail2ban.actions: WARNING [osgeo-trac-spam]
> Ban xx.171.75.116
> 2016-05-05 05:34:52,759 fail2ban.actions: WARNING [osgeo-trac-spam]
> Ban xx.16.26.206
> 2016-05-05 05:35:45,956 fail2ban.actions: WARNING [osgeo-trac-auth]
> Unban xx.177.75.66
> 2016-05-05 05:40:19,168 fail2ban.actions: WARNING [osgeo-trac-spam]
> Ban xx.171.75.171
> 2016-05-05 06:03:01,778 fail2ban.actions: WARNING [osgeo-trac-spam]
> Ban xx.108.224.46
> 2016-05-05 06:19:24,002 fail2ban.actions: WARNING [osgeo-trac-auth]
> Ban xx.237.93.16
> 2016-05-05 06:29:24,692 fail2ban.actions: WARNING [osgeo-trac-auth]
> Unban xx.237.93.16
> 2016-05-05 06:33:50,615 fail2ban.actions: WARNING [ssh] Ban xx.186.21.218
> 2016-05-05 06:43:51,378 fail2ban.actions: WARNING [ssh] Unban xx.186.21.218
> 2016-05-05 06:44:42,445 fail2ban.actions: WARNING [ssh] Ban xx.186.21.218
> 2016-05-05 06:46:35,046 fail2ban.actions: WARNING [osgeo-trac-auth]
> Ban xx.68.244.160
> 2016-05-05 06:50:58,353 fail2ban.actions: WARNING [osgeo-trac-auth]
> Ban xx.62.124.32
> 2016-05-05 06:54:43,196 fail2ban.actions: WARNING [ssh] Unban xx.186.21.218
> 2016-05-05 06:56:35,802 fail2ban.actions: WARNING [osgeo-trac-auth]
> Unban xx.68.244.160
> 2016-05-05 06:57:24,940 fail2ban.actions: WARNING [osgeo-trac-spam]
> Ban xx.238.234.84
> 2016-05-05 07:00:59,163 fail2ban.actions: WARNING [osgeo-trac-auth]
> Unban xx.62.124.32
> 2016-05-05 07:01:04,276 fail2ban.actions: WARNING [osgeo-trac-auth]
> Ban xx.76.111.245
> 2016-05-05 07:07:47,727 fail2ban.actions: WARNING [osgeo-trac-spam]
> Ban xx.151.180.142
> ...
> 
> Markus
> _______________________________________________
> Sac mailing list
> Sac at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/sac
>

More information about the Sac mailing list