Sending report

Antworten
Sich
Beiträge: 3
Registriert: 20. Jun 2016, 18:18

Sending report

Beitrag von Sich » 23. Jun 2016, 15:50

Hi,

I use blocklist.de as user for many month now but I want to help and send my own report.
For the moment I have few report but nothing show up on your site.
I have probably do something wrong but I don't know what.

I give you 2 exemple :
First one server ID 4196 with IP 167.114.243.xxx
I have send 1 report at 15H13 (+2 timezone) for dovecot.
This is the config part for this jail :
[dovecot]
enabled = true
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = dovecot
logpath = /var/log/mail/mail.log
maxretry = 5
action = shorewall
mail[name=dovecot, dest=fail2ban@siegler-xxx.fr]
sendmail-whois-lines[name=dovecot, dest=fail2ban@blocklist.de, logpath=%(logpath)s ]

My logs show me that I have send the mail.


Another exemple with wordpress brute force.
Server ID 4208, IP 149.202.51.xxx
Mail sent at 14H33 (+2 timezone).
[apache-wp-xmlrpc]
enabled = true
port = http,https
filter = apache-wp-xmlrpc
logpath = /var/log/apache2/access.log
maxretry = 6
action = shorewall
mail[name=apache-wp-xmlrpc, dest=fail2ban@siegler-xxx.Fr]
sendmail-whois-lines[name=apache-wp-xmlrpc, dest=fail2ban@blocklist.de, logpath=%(logpath)s]


Do you have something in your logfile ?
Maybe I have do something wrong in my config file ?

Thx for the help :)
Zuletzt geändert von Martin am 23. Jun 2016, 18:10, insgesamt 1-mal geändert.
Grund: removed domain-name and IP and other "private" data, to secure your privacy

Benutzeravatar
Martin
Beiträge: 397
Registriert: 14. Sep 2010, 11:54
Kontaktdaten:

Re: Sending report

Beitrag von Martin » 23. Jun 2016, 18:07

Hi Sich,

we received a lot of Mails from your IPs and drop only a few (w00tw00t, apache-overflows), because this typs could not reported (makes too many false-positives).

But now, the Problem is, that you have in the Profile a other E-Mail-address in the Server-Profile, so it does not match to your Reports.
I have allow me, to change the Server-Addresses in your Profile for you from root@ to the right E-Mailaddress, which was seen in our Mail logs (fail2ban@).

P.S. the Login-/Profile-Sites are now in French available too (but only translated with google.com/translate/) :-)
Mfg Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service

Sich
Beiträge: 3
Registriert: 20. Jun 2016, 18:18

Re: Sending report

Beitrag von Sich » 23. Jun 2016, 18:19

Thx !
ok you can make any change that you need.
I will remove the apache-overflow and w00tw00t from my config.

But it's strange, on my side the mail are from root@... But as I say, make the change.
Once all will work I will add more server for the reporting.

Thx again :)

Benutzeravatar
Martin
Beiträge: 397
Registriert: 14. Sep 2010, 11:54
Kontaktdaten:

Re: Sending report

Beitrag von Martin » 23. Jun 2016, 18:24

Hi Sich,
how many Server left?
I can make a Patch for you, when all Hostnames/From-Addresses have the same main-domain like (server1.main-domain.tld, server200.main-domain.tld), that he would automatically added with Servername from the subdomain.
So you need only to adjust fail2ban to "sender=fail2ban@servername.main-domain.tld" and the other Settings, restart Fail2ban, done.
Mfg Martin
http://www.blocklist.de/de/ Fail2Ban Reporting Service

Sich
Beiträge: 3
Registriert: 20. Jun 2016, 18:18

Re: Sending report

Beitrag von Sich » 23. Jun 2016, 19:05

Thx for your job, it seem to work.
I have only 6 more server to add atm. It will be easy for me don't worry.

This system is really fine to share bad IP. Thx for what you do here.

Antworten