* Dan Egli <d...@newideatest.site> [10-08-20 15:19]:
> Hey all,
> 
>     In examining my log files one day I see there is one host that just
> won't quit. Someone from this IP will try a brute-force SMTP Auth
> attack, get banned, and as soon as the ban is lifted they are at it
> again. Is there a way to keep increasing the ban time for jerks like
> that? Or maybe to tell fail2ban not to unblock them automatically?


recidive

# Fail2Ban filter for repeat bans
#
# This filter monitors the fail2ban log file, and enables you to add long
# time bans for ip addresses that get banned by fail2ban multiple times.
#
# Reasons to use this: block very persistent attackers for a longer time,
# stop receiving email notifications about the same attacker over and
# over again.
#
# This jail is only useful if you set the 'findtime' and 'bantime' parameters
# in jail.conf to a higher value than the other jails. Also, this jail has its
# drawbacks, namely in that it works only with iptables, or if you use a
# different blocking mechanism for this jail versus others (e.g. hostsdeny
# for most jails, and shorewall for this one).


-- 
(paka)Patrick Shanahan       Plainfield, Indiana, USA          @ptilopteri
http://en.opensuse.org    openSUSE Community Member    facebook/ptilopteri
Photos: http://wahoo.no-ip.org/piwigo               paka @ IRCnet freenode


_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
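
A jail definition that turns on the recidive filter described in the reply above, as an added example (not part of the original message and not copied from the fail2ban distribution). The file name, log path, action and all time values are assumptions to adapt locally; times are given in seconds.

```ini
# /etc/fail2ban/jail.local  (added example; paths and values are assumptions)

[DEFAULT]
# Ordinary jails such as the SMTP auth jail: short ban, short counting window.
bantime  = 600
findtime = 600

[recidive]
enabled  = true
filter   = recidive
# The filter reads fail2ban's own log, so this path has to match the
# "logtarget" setting in fail2ban.conf (assumed to be a plain file here).
logpath  = /var/log/fail2ban.log
# Block all ports for the repeat offender, not only SMTP.
action   = iptables-allports[name=recidive]
# findtime and bantime must be higher than in the other jails, otherwise
# earlier bans drop out of the counting window before they add up.
# Count bans issued by other jails over one day ...
findtime = 86400
# ... and after five of them for the same address ...
maxretry = 5
# ... ban it for one week. A negative value makes the ban permanent.
bantime  = 604800
```

After reloading fail2ban, `fail2ban-client status recidive` shows whether the jail is running and which addresses it currently holds.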
