
fail2ban question

Discussion in 'General Discussion' started by ebinfo, Aug 3, 2012.

  1. ebinfo

    ebinfo Active Member

    Hello people.

    I am having a nasty problem with China and their incessant need of brute forcing into my server.

    I get tons of entries like this one inside the exim_mainlog:

    2012-07-28 21:58:29 courier_login authenticator failed for (do) [<IP_ADDRESS>]:<PORT>: 535 Incorrect authentication data (set_id=<EMAIL@HOST.COM>)

    <IP_ADDRESS> and <EMAIL@HOST.COM> as well as <PORT> have been redacted for the purpose of this report.

    fail2ban does not seem to be able to block these users and keep them out, despite it being properly configured.

    I checked my regex and it is showing matches so it's not a detection issue.

    I am wondering if anybody out there on cPanel forums successfully got fail2ban to work in exim_mainlog to keep these pesky users out of the server once and for all.

    Best Regards,
     
  2. Eric

    Eric Administrator
    Staff Member

    Howdy,

    In cases I use CSF/LFD to stop these. Add the country code you wish to block, in this case CN, and they're gone for good. You can also use its LFD logic to block attackers too.

    Thanks!
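
A regex that matches is only one condition for a fail2ban ban: a single host must also reach maxretry failures inside findtime. The following is an added example, not code from either poster or from fail2ban; it replays that counting rule over constructed exim_mainlog lines in the format quoted above, and the regex, threshold values, addresses and function name are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical pattern for the failure line quoted in the thread
# (illustrative only, not a filter shipped with fail2ban).
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"\w+ authenticator failed for (?:\S+ )?\([^)]*\) "
    r"\[(?P<host>[0-9A-Fa-f.:]+)\](?::\d+)?: 535 Incorrect authentication data"
)

def hosts_to_ban(lines, maxretry=5, findtime=600):
    """Return {host: timestamp of the failure that reached maxretry}."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # host -> failure times still inside the window
    banned = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m or m["host"] in banned:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["host"]]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than findtime
            q.popleft()
        if len(q) >= maxretry:
            banned[m["host"]] = ts
    return banned

def _line(ts, host):
    return (f"{ts} courier_login authenticator failed for (do) [{host}]:4321: "
            "535 Incorrect authentication data (set_id=user@example.com)")

# Constructed sample: one fast source, one slow source, one unrelated line.
# Addresses are documentation ranges, not taken from the thread.
SAMPLE = (
    [_line(f"2012-07-28 21:58:{s:02d}", "203.0.113.10") for s in (1, 9, 17, 25, 33)]
    + [_line(f"2012-07-28 22:{m:02d}:00", "198.51.100.7") for m in (0, 5, 10, 15, 20)]
    + ["2012-07-28 22:30:00 SMTP connection from [203.0.113.10]:4321 closed by QUIT"]
)

if __name__ == "__main__":
    for host, when in hosts_to_ban(SAMPLE).items():
        print(f"would ban {host} at {when}")
```

Every failure line in the sample matches the regex, yet the slow source never has five failures inside one 600-second window, so only the fast source reaches the threshold.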
     