| View previous topic :: View next topic |
| Author |
Message |
asankaan
n00b
Joined: 17 Jul 2006
Posts: 60
|
 Posted: Wed Mar 09, 2011 9:15 am Post subject: fail2ban with roundcube [SOLVED] |
 |
|
Hi,
I'm using roundcube 0.5.1 with fail2ban 0.8.4-r2 on a gentoo box.
I need to block brute force attacks on roundcube.
I added following to jail.conf
| Code: |
[roundcube]
enabled = true
port = https
filter = roundcube
action = iptables-multiport[name=Roundcube, port="https,443", protocol=tcp]
logpath = /var/www/localhost/htdocs/roundcube/logs/errors
maxretry = 3
bantime = 3600
|
my filter.d / roundcube.conf
| Code: |
[Definition]
failregex = IMAP Error: Login failed for .* from <HOST>
ignoreregex =
|
I receive the following error when an authentication error occurs:
2011-03-09 13:00:50,933 fail2ban.filter : WARNING Unable to find a corresponding IP address for 192.168.1.10.
*192.168.1.10 is a host in my LAN.
Anyone have any idea where i've gone wrong?
Thanks in advance
Asanka
Last edited by asankaan on Sat Mar 12, 2011 10:31 am; edited 1 time in total |
|
| Back to top |
|
 |
M
Guru
Joined: 12 Dec 2006
Posts: 432
|
| Posted: Wed Mar 09, 2011 2:45 pm Post subject: |
|
|
I don't think you can do it like this. You actually want to stop brute force attacks against imap server, better configure or use predefined filter for your imap server, dovecot, courier etc.
Edit: I see now, you don't have imap port visible from outside, only web app, so you want to block 443...
There was a similar thread, https://forums.gentoo.org/viewtopic-t-704833-start-0.html , also, you don't need multiport for https |
|
| Back to top |
|
|
asankaan
n00b
Joined: 17 Jul 2006
Posts: 60
|
| Posted: Sat Mar 12, 2011 10:21 am Post subject: |
|
|
Hi,
Thanks for the reply.
Actually I've not exposed my IMAP server & only the https access is needs to be protected.
I could solve the problem by changing jail.conf to
| Code: |
[roundcube]
enabled = true
port = https
filter = roundcube
action = iptables[name=roundcube, port="https"]
logpath = /var/www/localhost/htdocs/roundcube/logs/errors
bantime = 3600
maxretry = 5
|
& filters.d/roundcube.conf to
| Code: |
[Definition]
failregex = IMAP Error: Login failed for <HOST>
ignoreregex =
|
Thanks,
Asanka |
|
| Back to top |
|
|
asankaan
n00b
Joined: 17 Jul 2006
Posts: 60
|
| Posted: Sat Mar 12, 2011 10:22 am Post subject: |
|
|
Hi,
Thanks for the reply.
Actually I've not exposed my IMAP server & only the https access is needs to be protected.
I could solve the problem by changing jail.conf to
| Code: |
[roundcube]
enabled = true
port = https
filter = roundcube
action = iptables[name=roundcube, port="https"]
logpath = /var/www/localhost/htdocs/roundcube/logs/errors
bantime = 3600
maxretry = 5
|
& filters.d/roundcube.conf to
| Code: |
[Definition]
failregex = IMAP Error: Login failed for <HOST>
ignoreregex =
|
Thanks,
Asanka |
|
| Back to top |
|
|
asankaan
n00b
Joined: 17 Jul 2006
Posts: 60
|
| Posted: Sat Mar 12, 2011 10:24 am Post subject: |
|
|
Hi,
Thanks for the reply.
Actually I've not exposed my IMAP server & only the https access is needs to be protected.
I could solve the problem by changing jail.conf to
| Code: |
[roundcube]
enabled = true
port = https
filter = roundcube
action = iptables[name=roundcube, port="https"]
logpath = /var/www/localhost/htdocs/roundcube/logs/errors
bantime = 3600
maxretry = 5
|
& filters.d/roundcube.conf to
| Code: |
[Definition]
failregex = IMAP Error: Login failed for <HOST>
ignoreregex =
|
Thanks,
Asanka |
|
| Back to top |
|
|
|
Networking & Security
