If I use the command bfd -a, it has listed some attack hosts, yet it hasn't added anything to the deny rules in apf.
Also, can someone tell me how I could set up a script or something to remove the bans put in place by bfd? I sort of want it to ban someone, but only for a set amount of time (say 15 mins),
just in case someone was to log in to FTP, enter the wrong password and then get banned because their client's auto retry kept retrying the login with the wrong password or something.
I really want someone to be blocked long enough for them to be deterred from attempting a brute-force attack, but at the same time I don't want to permanently ban legitimate users who have simply forgotten their password,
especially if I was to ban myself (and yes, I know I could set it so my IP never gets banned, but my IP is dynamically assigned by my ISP).
Basically I just want to deter people from trying a brute-force attack by banning them for up to 15 mins.
If they persisted, I'd then add them to the deny_hosts.rules.clean
It looks correct, but I would change the time the crontab runs to 25 or 30 minutes.
Suppose someone does an attack at minute 14... he will be unblocked at minute 15.
So 2 suggestions:
- If you want an average of 15 minutes banned, set it to 30 minutes... but it may still happen that people are blocked at minute 29 and unblocked at minute 30
- Set a cron that, every 15 minutes, compares the deny_hosts.rules with a deny_hosts.rules.old file... then set the deny_hosts.rules as the difference (intersection) between them,
then copy deny_hosts.rules to deny_hosts.rules.old
This way you'll remove only the ones that were banned for at least 15 minutes (but maybe more)
You can probably do that without much effort using something like "grep -v -f deny_hosts.rules.old deny_hosts.rules > deny_hosts.rules.new; mv deny_hosts.rules.new deny_hosts.rules"... just make sure you don't have any empty lines in the file
The first suggestion is easier and I don't have a problem with it, because even if the person gets banned for 1 minute, if he tries again, he will get banned again.
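The second suggestion in the reply above (every cron run, drop only the entries that were already present at the previous run), as an added example that is not part of the original posts and not code from bfd or apf. It assumes one entry per line with `#` comment lines, matches whole lines exactly so that 192.0.2.10 does not also remove 192.0.2.100, and writes through a temporary file; the function name and the two file arguments are hypothetical.

```shell
#!/bin/bash
# expire_bans RULES SNAPSHOT   (hypothetical helper, not part of bfd or apf)
# Removes from RULES every entry that was already listed in SNAPSHOT, i.e.
# every entry that has survived at least one full cron interval, then saves
# the result as the new SNAPSHOT for the next run.
expire_bans() {
    rules=$1
    snap=$2
    [ -f "$rules" ] || return 1
    [ -f "$snap" ] || : > "$snap"      # first run: nothing counts as old yet
    tmp=$(mktemp) || return 1

    # Pass 1 (snapshot): remember every line that is not blank or a comment.
    # Pass 2 (rules): print only the lines that were not in the snapshot.
    # Exact string lookup avoids the pitfalls of using addresses as grep
    # patterns (a blank pattern line matches everything, dots match any char).
    awk 'FILENAME == ARGV[1] { if ($0 !~ /^[ \t]*(#|$)/) old[$0] = 1; next }
         !($0 in old)' "$snap" "$rules" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite in place (keeps owner and mode of the rules file), then
    # snapshot what is left so those entries expire on the next run.
    cat "$tmp" > "$rules"
    cp "$rules" "$snap"
    rm -f "$tmp"
}

# When called from cron with two arguments, run once on those files.
# The firewall still has to reload the rule file afterwards.
if [ "$#" -eq 2 ]; then
    expire_bans "$1" "$2"
fi
```

With a 15-minute cron interval an entry stays in place for between 15 and 30 minutes, which is the "at least 15 minutes (but maybe more)" behaviour described in the reply.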
Not too sure if it's rebanning correctly after unbanning.
Might it have something to do with the file lock setting in the config file for bfd?
Also, it's not emailing me when it bans someone.
I've tried setting the email notify address to my email account and back to root (which is forwarded to my email account anyway), and yet I don't get any emails about the bans, even with notify user set to "1" in the config.