• Advertisement

Generating abuse emails without fail2ban

Generating abuse emails without fail2ban

Postby bld55 » 7. Oct 2017, 22:58

Hello

I am not using fail2ban, storing logs in a different format. Thus, I have been trying to follow the instructions at https://www.blocklist.de/en/download.html#ohnefail2ban in order to translate all abuse attempts into one abuse email per IP by using an hourly cron*

Assumption: Even if enough attempts weren't reached in that time range, blocklist.de will take them into account when processing the next batch.

However, I have been unable to get blocklist.de to process them, as the counters show 0 attacks and 0 reports, while more than 1000 mails were sent (sometimes with an email bearing hundreds of log lines, so it's not for scarcity of entries, either). I assume your parser is disliking something of the emails, and I have already tried little tweaks in slightly ambiguous parts of the description, in case they fixed them, to no avail.

Martin, could you check what's wrong with them? Or even simpler, just publish the email-parsing script somewhere, so that I could run it myself against the generated mail, and no longer deal with a black box.

Thanks

* I can change the frequency and actual time to different values if that is nicer for you, of course.
bld55
 
Posts: 1
Joined: 1. Oct 2017, 00:43

Re: Generating abuse emails without fail2ban

Postby Martin » 7. Oct 2017, 23:26

Hi,

there are different Checks for the Logfiles.
If the Attacked Service like "bruteforcelogin on Joomla/Wordpress", it needs 6 Loglines with failed login attempts.
If ther attacked Service like "mail", there was all reports with "45x temporarily reject", was droped....

Please send me per PM/Contactform one of a Attacker IP or your Server-Email-Address or blocklist.de-Server-ID, i can check it.
Mfg Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service
User avatar
Martin
 
Posts: 407
Joined: 14. Sep 2010, 11:54


Return to Fail2Ban and blocklist

Who is online

Users browsing this forum: No registered users and 1 guest

  • Advertisement
cron
figurative