new regex needed

hello,

I need a new regex for "/var/log/mail.err" of Courier POP3:

---
Mar 24 12:08:38 webserver courierpop3login: LOGIN FAILED, ip=[::ffff:91.67.10.125]
---

thank you very much for your help!

can anyone help me,

Can anyone help me, please?

You can experiment and make

You can experiment and make changes to the other regex; this one should be simple:

For use with the latest blockhosts, which uses the LOG_PREFIX and HOST_IP patterns, the following may work:

    "courierpop3-LoginFail":
        r'{LOG_PREFIX{courierpop3login}} LOGIN FAILED, ip=\[{HOST_IP}]',

This has not been tested; you should test it. And if the log contains the other line (courierpop3-Fail), there is no need to add another pattern.
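A quick way to do the testing the reply asks for, as an added example that is not part of the original thread and not blockhosts' own code: the script below expands the two placeholders with simplified definitions of its own (the real blockhosts definitions of LOG_PREFIX and HOST_IP are not reproduced here and are an assumption), runs the proposed courierpop3-LoginFail pattern over a few constructed log lines in the shape of the one posted, and counts failures per source address. It also strips the `::ffff:` prefix that Courier writes for IPv4-mapped addresses, so that the count is keyed on the plain IPv4 address that ends up in iptables.

```python
import re

# Assumed, simplified stand-ins for the blockhosts placeholders. The real
# blockhosts config defines its own; these exist only to exercise the pattern.
HOST_IP = r'(?P<ip>[0-9a-fA-F:.]+)'


def log_prefix(program):
    """Assumed syslog prefix: 'Mar 24 12:08:38 webserver courierpop3login:'
    (month, day, time, hostname, program, optional [pid], colon)."""
    return (r'^\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \S+ '
            + re.escape(program) + r'(?:\[\d+\])?:')


def expand(pattern):
    """Turn {LOG_PREFIX{prog}} and {HOST_IP} into a plain regular expression."""
    pattern = re.sub(r'\{LOG_PREFIX\{([^}]*)\}\}',
                     lambda m: log_prefix(m.group(1)), pattern)
    return pattern.replace('{HOST_IP}', HOST_IP)


# The pattern proposed in the reply above, unchanged.
PATTERNS = {
    "courierpop3-LoginFail":
        r'{LOG_PREFIX{courierpop3login}} LOGIN FAILED, ip=\[{HOST_IP}]',
}

# Constructed sample lines (not a real capture): one from the post, one more
# failure with a plain IPv4 address, and two lines that must not match.
SAMPLE_LOG = [
    "Mar 24 12:08:38 webserver courierpop3login: LOGIN FAILED, ip=[::ffff:91.67.10.125]",
    "Mar 24 12:08:41 webserver courierpop3login: LOGIN, user=bob, ip=[::ffff:10.0.0.5]",
    "Mar 24 12:09:02 webserver sshd[4242]: Failed password for root from 203.0.113.9 port 5110 ssh2",
    "Mar 24 12:09:15 webserver courierpop3login: LOGIN FAILED, ip=[203.0.113.9]",
]


def normalize_ip(ip):
    """Courier logs IPv4 peers as IPv4-mapped IPv6 (::ffff:a.b.c.d); strip it."""
    if ip.startswith('::ffff:'):
        return ip[len('::ffff:'):]
    return ip


def match_failures(lines, patterns=PATTERNS):
    """Return (pattern-name, ip) for every line hit by one of the patterns."""
    compiled = {name: re.compile(expand(p)) for name, p in patterns.items()}
    hits = []
    for line in lines:
        for name, rx in compiled.items():
            m = rx.search(line)
            if m:
                hits.append((name, normalize_ip(m.group('ip'))))
    return hits


def count_by_ip(lines, patterns=PATTERNS):
    """Per-address failure counts, the number blockhosts compares to its threshold."""
    counts = {}
    for _, ip in match_failures(lines, patterns):
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == '__main__':
    for name, ip in match_failures(SAMPLE_LOG):
        print(name, ip)
    print(count_by_ip(SAMPLE_LOG))
```

Before relying on this, replace the assumed `log_prefix` and `HOST_IP` with whatever the installed blockhosts version actually defines, since a prefix that does not match the local syslog format is the usual reason a pattern that looks right never produces a count.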

Great! Thank you very much

Great! Thank you very much for your great help! I will replace the other phrase with the new one and test it! But the problems with blocking and watching are always the same :(

not blocking, check iptables

If network communication is not being blocked, see if iptables is working, and has the IP address:

 iptables --list blockhosts --numeric

Should show the blocked IP. And if you are using other rules in iptables, you may need to check if some other rule is overriding the blockhosts rules.

This is the

This is the output:
---
Chain blockhosts (1 references)
target     prot opt source               destination
DROP       all  --  79.209.106.127       0.0.0.0/0
---

The IP is the same as in the email:
---
Blocking hosts:
79.209.106.127

Watching hosts:
79.209.106.127 count: 55 updated at: 2008-03-29 14:05:01 CET

Log messages:
blockhosts 2.3.1 started: 2008-03-29 14:05:01 CET
... loaded /etc/hosts.allow, starting counts: blocked 1, watched 1
... loading log file /var/log/auth.log, offset: 848868
... loading log file /var/log/mail.err, offset: 39734
... discarding all host entries older than 2008-03-29 02:05:01 CET
Notice: count=55, blocking host: 79.209.106.127
... final counts: blocked 1, watched 1
---

But why are there 55 attempts? Maybe the blocking of proftpd is not correct?

some reasons

some reasons why the count is 55:

1) there are historical log entries - before the rule in iptables was inserted, that IP may have made attempts to connect
2) iptables is not blocking because you have some other rule in there that allows all IP connections
(I am afraid I cannot help with iptables debugging)
3) if iptables is working as shown in the DROP line, it will stop all communication with that host, for all programs.

Point 1 is not possible,

Point 1 is not possible, because log rotation is enabled and blockhosts can set a marker (I see it in hosts.allow).

Point 3 is also not possible, because I tested it with wrong SSH attempts. The IP is not banned for 12 h.

Point 2 is a possibility... :(

hello, it is a not-so-good

hello,

It is a not-so-good problem: I use the Bastille firewall system. If it is turned off, blockhosts works fine. Otherwise (Bastille is active) the rules from blockhosts are ignored!

greetings

should be solvable

Well, that should make it possible to fix it.

When you have both Bastille and blockhosts, and one or more IP addresses blocked by blockhosts, then as root, do this:

/sbin/iptables -L -n

and the output will show why the blockhosts rules are not being applied, and then we can look into how to fix it.
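What to look for in that output, as an added example that is not part of the original thread and not blockhosts' or Bastille's code: netfilter evaluates the rules of a chain in order and stops at the first terminating target, so if INPUT contains an unconditional ACCEPT before the jump into the blockhosts chain, the DROP in blockhosts is never reached even though `iptables --list blockhosts` shows the address. The script below parses two constructed `iptables -L -n` listings (not real captures; the rule set Bastille installs is not reproduced here) and reports whether a given address is effectively blocked, i.e. dropped in the blockhosts chain and not shadowed by an earlier catch-all ACCEPT in INPUT.

```python
# Constructed listing in the shape of `iptables -L -n`: the jump to the
# blockhosts chain sits behind an unconditional ACCEPT, so it is never reached.
SHADOWED = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
blockhosts all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain blockhosts (1 references)
target     prot opt source               destination
DROP       all  --  79.209.106.127       0.0.0.0/0
"""

# Same rules with the jump moved in front of the ACCEPT; a state-restricted
# ACCEPT after it is fine, it cannot hide the DROP from new connections.
FIXED = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
blockhosts all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain blockhosts (1 references)
target     prot opt source               destination
DROP       all  --  79.209.106.127       0.0.0.0/0
"""


def parse_chains(text):
    """Map chain name -> list of rules (target, prot, source, destination, extra)."""
    chains, current = {}, None
    for line in text.splitlines():
        if line.startswith('Chain '):
            current = line.split()[1]
            chains[current] = []
        elif not line.strip() or line.startswith('target') or current is None:
            continue
        else:
            f = line.split()
            chains[current].append({
                'target': f[0], 'prot': f[1], 'source': f[3],
                'destination': f[4], 'extra': ' '.join(f[5:]),
            })
    return chains


def shadowing_rules(chains, jump_chain='blockhosts', entry='INPUT'):
    """Rules in `entry` that unconditionally ACCEPT everything before the
    jump to `jump_chain`; None if `entry` never jumps there at all."""
    before = []
    for r in chains.get(entry, []):
        if r['target'] == jump_chain:
            return before
        if (r['target'] == 'ACCEPT' and r['prot'] == 'all'
                and r['source'] == '0.0.0.0/0' and r['destination'] == '0.0.0.0/0'
                and not r['extra']):
            before.append(r)
    return None


def is_effectively_blocked(text, ip, chain='blockhosts'):
    """True only if `ip` is dropped in `chain` and INPUT reaches that chain
    before any catch-all ACCEPT."""
    chains = parse_chains(text)
    dropped = any(r['target'] == 'DROP' and r['source'] == ip
                  for r in chains.get(chain, []))
    return dropped and shadowing_rules(chains, chain) == []


if __name__ == '__main__':
    for label, listing in (('shadowed', SHADOWED), ('fixed', FIXED)):
        print(label, is_effectively_blocked(listing, '79.209.106.127'))
```

If the check reports the jump as shadowed (or missing), the fix is to have the firewall script insert the jump to blockhosts at the top of INPUT, or to re-run blockhosts after the firewall has loaded so that its rule is inserted in front of the others; the thread's own symptom, a count that keeps rising while the DROP rule sits unused in its chain, is exactly what the shadowed listing produces.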

is it useful for a webserver

Is it useful for a webserver to use the Bastille firewall? There are many more rules than with an inactive firewall! A lot of routing is not going over the socket but over the IP!