Archive for the ‘Fail2ban’ Category

To make fail2ban monitor Roundcube 0.8+ authentication attempts recorded in its logs/errors file, add this to
/etc/fail2ban/jail.conf or /etc/fail2ban/jail.local:

[roundcube]
enabled = true
port = http,https
filter = roundcube
logpath = /var/lib/roundcube/logs/errors
maxretry = 3

(more…)

Some websites are still being hit with the infamous “w00tw00t” scans. You might see these scans in your logs as:

... "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 ...

I use fail2ban to get rid of these (more…)

I use fail2ban on my servers to ban, for a specified amount of time, IP addresses that show malicious signs.
Here is my setup on Debian squeeze: (more…)