Why am I getting these errors?
2009-03-02 02:34:39,763 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-overflows
2009-03-02 02:34:40,578 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-noscript
2009-03-02 02:34:40,781 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh
2009-03-02 02:34:41,604 fail2ban.actions.action: ERROR iptables -D INPUT -p udp -m multiport --dports domain,53 -j fail2ban-named-refused-udp
2009-03-02 02:34:41,904 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache
2009-03-02 02:34:42,640 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh-ddos
2009-03-02 02:34:42,912 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports domain,53 -j fail2ban-named-refused-tcp
2009-03-02 15:36:03,595 fail2ban.actions.action: ERROR iptables -n -L INPUT | grep -q fail2ban-apache-noscript returned 100
2009-03-02 15:36:03,595 fail2ban.actions.action: ERROR Invariant check failed. Trying to restore a sane environment
2009-03-02 15:36:03,646 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-noscript
2009-03-02 15:36:03,714 fail2ban.actions.action: ERROR iptables -D fail2ban-apache-noscript -s 77.253.0.150 -j DROP returned 100
2009-03-02 22:04:25,577 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-overflows
2009-03-02 22:04:26,163 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh
2009-03-02 22:04:27,259 fail2ban.actions.action: ERROR iptables -D INPUT -p udp -m multiport --dports domain,53 -j fail2ban-named-refused-udp
2009-03-02 22:04:27,324 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache
2009-03-02 22:04:29,176 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh-ddos
2009-03-02 22:04:29,295 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports domain,53 -j fail2ban-named-refused-tcp
No, I still have the same one.
#!/bin/sh
IPTABLES=/sbin/iptables
# flush all rules and delete all user-defined chains
# (this also removes fail2ban's fail2ban-* chains)
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A FORWARD -o lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
$IPTABLES -A FORWARD -j ACCEPT -m state --state ESTABLISHED,RELATED
$IPTABLES -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
$IPTABLES -A INPUT -p icmp -j ACCEPT # ping
$IPTABLES -I INPUT -i wlan0 -s 10.0.0.0/8 -j DROP # protection against spoofing attacks
$IPTABLES -I INPUT -i wlan0 -s 172.16.0.0/12 -j DROP # protection against spoofing attacks
$IPTABLES -I INPUT -i wlan0 -s 192.168.0.0/16 -j DROP # protection against spoofing attacks
$IPTABLES -I INPUT -i wlan0 -s 192.168.13.37 -j ACCEPT # allow traffic from the router
$IPTABLES -I INPUT -i wlan0 -s 127.0.0.0/8 -j DROP # protection against spoofing attacks
$IPTABLES -A INPUT -p tcp -s 192.168.13.37 --dport 22 -j ACCEPT # ssh router (port 22)
$IPTABLES -A INPUT -p tcp -s 192.168.13.37 --dport 443 -j ACCEPT # ssh router (port 443)
$IPTABLES -A INPUT -p tcp --dport 53 -j ACCEPT # dns (bind)
$IPTABLES -A INPUT -p udp --dport 53 -j ACCEPT # dns (bind)
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT # http (apache)
$IPTABLES -A INPUT -p tcp --dport 113 -j ACCEPT # auth (oidentd)
$IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP # hardening
$IPTABLES -A INPUT -f -j DROP # hardening
$IPTABLES -A INPUT -p tcp --tcp-flags ALL ALL -j DROP # hardening
$IPTABLES -A INPUT -p tcp --tcp-flags ALL NONE -j DROP # hardening
$IPTABLES -I INPUT -p icmp --icmp-type redirect -j DROP # hardening
$IPTABLES -I INPUT -p icmp --icmp-type router-advertisement -j DROP # hardening
$IPTABLES -I INPUT -p icmp --icmp-type router-solicitation -j DROP # hardening
$IPTABLES -I INPUT -p icmp --icmp-type address-mask-request -j DROP # hardening
$IPTABLES -I INPUT -p icmp --icmp-type address-mask-reply -j DROP # hardening
$IPTABLES -A INPUT -i he-ipv6 -j ACCEPT # ipv6
$IPTABLES -A OUTPUT -o he-ipv6 -j ACCEPT # ipv6
$IPTABLES -A INPUT -j ACCEPT -p ipv6 -s 209.51.161.14 # ipv6
$IPTABLES -A OUTPUT -j ACCEPT -p ipv6 -d 209.51.161.14 # ipv6
$IPTABLES -I INPUT -s 91.121.210.146 -j DROP # block ks364702.kimsufi.com
$IPTABLES -A INPUT -p tcp -j REJECT --reject-with tcp-reset # block remaining protocols such as TCP, UDP, ICMP
$IPTABLES -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable # block remaining protocols such as TCP, UDP, ICMP
$IPTABLES -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 # log dropped packets
root@debian:~ # /etc/init.d/firewall.sh
root@debian:~ # /etc/init.d/fail2ban restart
Restarting authentication failure monitor: fail2ban.
OK, we'll see.
Check whether you have, for example, the multiport module loaded. If not, that is probably it. I had a similar problem.
I mean, earlier I was probably "restarting" the firewall every so often; now it works beautifully :)
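An added example, not part of the original posts: re-running a firewall script that starts with `iptables -F` and `iptables -X`, like the one posted above, also deletes the `fail2ban-*` chains, which is why fail2ban's later `iptables -D/-F/-X` calls fail with "returned 100" until fail2ban is restarted after the firewall. The check below reads jail names from fail2ban.log lines and reports every jail whose chain is no longer a jump target in `iptables -n -L INPUT`; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find fail2ban jails whose chain disappeared from INPUT.
# Real use (as root):
#   iptables -n -L INPUT | missing_jail_chains $(started_jails < /var/log/fail2ban.log)

# Read fail2ban.log on stdin, print the unique names of jails reported as started.
started_jails() {
    sed -n "s/.*INFO *Jail '\([^']*\)' started.*/\1/p" | sort -u
}

# Read `iptables -n -L INPUT` output on stdin; print each jail (given as
# arguments) that has no rule whose target column is exactly fail2ban-<jail>.
# The exact comparison matters: a substring grep for fail2ban-ssh would
# also be satisfied by a fail2ban-ssh-ddos rule.
missing_jail_chains() {
    listing=$(cat)
    for jail in "$@"; do
        printf '%s\n' "$listing" |
            awk -v t="fail2ban-$jail" '$1 == t { found = 1 } END { exit !found }' ||
            printf '%s\n' "$jail"
    done
}

# Demo on constructed input: three jails were started, but after a firewall
# reload only the ssh-ddos jump is present in INPUT.
demo_check() {
    log="2009-03-02 22:04:30,497 fail2ban.jail : INFO Jail 'ssh-ddos' started
2009-03-02 22:04:30,674 fail2ban.jail : INFO Jail 'ssh' started
2009-03-02 22:04:30,722 fail2ban.jail : INFO Jail 'apache' started"
    listing="Chain INPUT (policy DROP)
target     prot opt source               destination
fail2ban-ssh-ddos  tcp  --  0.0.0.0/0    0.0.0.0/0    multiport dports 22
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0    state RELATED,ESTABLISHED"
    jails=$(printf '%s\n' "$log" | started_jails)
    # word splitting of $jails is intended: one argument per jail name
    printf '%s\n' "$listing" | missing_jail_chains $jails
}

demo_check
```

Any jail it prints needs fail2ban restarted after the firewall script, in the same order as the two commands shown earlier in the thread.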
And how do I unban someone :D? Because it banned me :P
I tried removing it manually from denyhosts and it added it again right away.
So how do I lift it? I have denyhosts and fail2ban; I can log in to the server locally.
Last edited by az (2009-03-17 17:34:58)
So is there some way to remove these bans?
Nothing, it adds it again..
I stopped fail2ban and denyhosts,
edited the hosts.deny file and removed 192.168.*,
"fired up" the firewall (the sh script), fail2ban and denyhosts; I could get in, and after a while I checked..
root@debian:~ # cat /etc/hosts.deny | grep 192.168
ALL: 192.168.1.100
ALL: 192.168.1.86
Hmm, now I see that it is actually denyhosts that is banning me.
2009-03-18 23:06:16,135 - denyhosts : INFO new denied hosts: ['192.168.1.100', '192.168.1.86']
After all, fail2ban has an option to ignore an IP range.. and denyhosts apparently doesn't ;/
I searched the denyhosts FAQ but I don't see it; does it have an option so that it doesn't block a given IP range?
Last edited by az (2009-03-19 00:38:00)
OK, I found it :P
How can I remove an IP address that DenyHosts blocked?
If you have been accidentally locked out of one of your hosts (because DenyHosts has added it to /etc/hosts.deny), you may have noticed that simply removing it from /etc/hosts.deny does not in itself correct the issue, since DenyHosts keeps track of the attempts in the WORK_DIR files. In order to cleanse the address you will need to do the following:
1. Stop DenyHosts
2. Remove the IP address from /etc/hosts.deny
3. Edit WORK_DIR/hosts and remove the lines containing the IP address. Save the file.
4. Edit WORK_DIR/hosts-restricted and remove the lines containing the IP address. Save the file.
5. Edit WORK_DIR/hosts-root and remove the lines containing the IP address. Save the file.
6. Edit WORK_DIR/hosts-valid and remove the lines containing the IP address. Save the file.
7. Edit WORK_DIR/user-hosts and remove the lines containing the IP address. Save the file.
8. (optional) Consider adding the IP address to WORK_DIR/allowed-hosts
9. Start DenyHosts
Note: Not all of the WORK_DIR files will contain the IP address so you may want to use grep to determine which files contain the IP address.
root@debian:~ # cat /etc/denyhosts.conf | grep WORK_DIR | grep =
WORK_DIR = /var/lib/denyhosts
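The FAQ steps quoted above as a script, added here as an example and not taken from the thread or from DenyHosts itself. It follows the FAQ's note by cleaning whichever files actually contain the address, and it matches the address as a whole so that removing 192.168.1.10 leaves 192.168.1.100 alone; the function names and the sample records in the demo are constructed.

```shell
#!/bin/sh
# Added example: un-ban one address from DenyHosts (FAQ steps 2 to 8).
# Real use, with DenyHosts stopped first and started afterwards (steps 1, 9):
#   purge_ip 192.168.1.100 /etc/hosts.deny /var/lib/denyhosts

# Build an ERE that matches the address only as a whole, so purging
# 192.168.1.10 does not also delete the lines for 192.168.1.100.
ip_regex() {
    escaped=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '(^|[^0-9.])%s([^0-9.]|$)' "$escaped"
}

# strip_ip FILE REGEX: rewrite FILE in place without the matching lines.
strip_ip() {
    tmp=$(mktemp) || return 1
    # grep -v exits 1 when no line is left over; that is not an error here.
    grep -Ev "$2" "$1" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$1"   # overwrite in place: owner and mode stay unchanged
    rm -f "$tmp"
}

# purge_ip IP HOSTS_DENY WORK_DIR: clean every file that mentions IP and
# print the name of each file that was changed.
purge_ip() {
    ip=$1; deny=$2; work=$3
    re=$(ip_regex "$ip")
    for f in "$deny" "$work"/*; do
        [ -f "$f" ] || continue
        case $f in */allowed-hosts) continue ;; esac
        if grep -Eq "$re" "$f"; then
            strip_ip "$f" "$re" || return 1
            printf '%s\n' "$f"
        fi
    done
    # Step 8 (optional in the FAQ): list the address in allowed-hosts.
    grep -qxF "$ip" "$work/allowed-hosts" 2>/dev/null ||
        printf '%s\n' "$ip" >> "$work/allowed-hosts"
}

# Demo on constructed files in a temporary directory (nothing under /etc or
# /var is touched). The "ip:count:date" lines are made-up sample records.
demo_purge() {
    d=$(mktemp -d) || return 1
    mkdir "$d/work"
    printf 'ALL: 192.168.1.100\nALL: 192.168.1.10\nALL: 192.168.1.86\n' > "$d/hosts.deny"
    printf '%s\n' '192.168.1.10:3:Wed Mar 18 23:06:16 2009' \
                  '192.168.1.100:7:Wed Mar 18 23:06:16 2009' > "$d/work/hosts"
    printf '%s\n' '192.168.1.10:3:Wed Mar 18 23:06:16 2009' > "$d/work/hosts-root"
    purge_ip 192.168.1.10 "$d/hosts.deny" "$d/work" > /dev/null
    cat "$d/hosts.deny" "$d/work/hosts" "$d/work/hosts-root" "$d/work/allowed-hosts"
    rm -rf "$d"
}

demo_purge
```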