Changes

Jump to navigation Jump to search
12 bytes removed ,  12:49, 22 December 2013
m
Line 88: Line 88:  
*qpsmtpd. If a remote server send you too many mails which qpsmtpd rejects, it's probably spammer, so Fail2ban will blacklist it. MaxRetry is x3 for this service, so with the default config, a remote server will be blacklisted if 9 mails are rejected in less than 15 minutes
 
*qpsmtpd. If a remote server send you too many mails which qpsmtpd rejects, it's probably spammer, so Fail2ban will blacklist it. MaxRetry is x3 for this service, so with the default config, a remote server will be blacklisted if 9 mails are rejected in less than 15 minutes
 
*httpd-e-smith. The standard http server. 3 different filters check apache logs:
 
*httpd-e-smith. The standard http server. 3 different filters check apache logs:
  * noscripts: check client which ask for scripts which are not available on your server. It's usually script-kiddies trying to exploit security vulerabilities
+
** noscripts: check client which ask for scripts which are not available on your server. It's usually script-kiddies trying to exploit security vulerabilities
  * scan: another set of filter for popular scans (phpMyAdmin, wp-login, admin area etc...)
+
** scan: another set of filter for popular scans (phpMyAdmin, wp-login, admin area etc...)
  * auth: will check for standard authentication failure
+
** auth: will check for standard authentication failure
 
*pam. This will check a generic authentication failure. Everything which uses pam should work
 
*pam. This will check a generic authentication failure. Everything which uses pam should work
*[[SOGo]]. Check SOGo logs for failed authentications
+
*[[Sogo|SOGo]]. Check SOGo logs for failed authentications
*[[LemonLDAP::NG|LemonLDAP-NG]]. Check system logs for auth failure on LemonLDAP::NG portal
+
*[[LemonLDAP-NG]]. Check system logs for auth failure on LemonLDAP::NG portal
 
*ftp. Check auth failure on your FTP daemon
 
*ftp. Check auth failure on your FTP daemon
 
*[[Ejabberd]]. Check auth failure against EJabberd
 
*[[Ejabberd]]. Check auth failure against EJabberd

Navigation menu