Fail2Ban?
Bob McClure Jr
bob at bobcatos.com
Mon Sep 29 00:32:55 UTC 2008
On Sun, Sep 28, 2008 at 06:25:21PM -0600, Karl Pearson wrote:
> On Sun, 28 Sep 2008, Bob McClure Jr wrote:
>
> >On Sun, Sep 28, 2008 at 03:33:27PM -0600, Karl Pearson wrote:
> >>On Sun, 28 Sep 2008, Bob McClure Jr wrote:
> >>
> >>>On Sat, Sep 27, 2008 at 09:41:35PM -0600, Karl Pearson wrote:
> >>>>I've installed fail2ban and it's working nicely. I lengthened out the
> >>>>ban-time because I run a very busy server. As part of that, I removed
> >>>>root
> >>>>ssh access, because it's just about time.
> >>>>
> >>>>On a side note, before I get to my question, I wrote before because
> >>>>ForwardX11 wasn't working. I solved it by removing and re-installing
> >>>>openssh-server and openssh-clients. Well, it quit working again after
> >>>>the
> >>>>next reboot, which is coming more often than I'd like because of it
> >>>>being
> >>>>new. In any case, after disabling root login, it hasn't failed yet.
> >>>>
> >>>>My question is: Do you know a good method of denying access to
> >>>>non-captcha
> >>>>forms using fail2ban. If you've used it, and have it working, I'd like
> >>>>to
> >>>>know. I've checked online and found easy ways to prevent login-enabled
> >>>>form access, but these are public forms and don't require a login.
> >>>
> >>>I don't know if this fits your problem or not, but it has pretty much
> >>>eliminated my form-spam problem without resorting to CAPTCHA. The
> >>>technique was described in SysAdmin April 2007, page 30. Add a
> >>>TEXTAREA field to your form, labeled "comments" or something common,
> >>>perhaps ahead of any other TEXTAREA field. Make it invisible by
> >>>adding 'style="display: none"' to its tag. For real humans, the field
> >>>is not there, but form bots will see it and poke their spam into it.
> >>>So then if your form processor sees that the invisible field is filled
> >>>in, it can ignore it, blacklist the IP, or anything else you care to
> >>>devise.
> >>
> >>Very nice. I'll give that a try. I do have comment fields now, but adding
> >>one that is blank will be a dead giveaway.
> >
> >Umm, I don't understand. How so?
>
> Because it's hidden. And the ones I've gotten have all the fields filled
> in. The bot doesn't know when to stop, so when I get the field that should
> be empty, and isn't, I take action. Do I have that right?
Oh, okay, I understand. It's a dead giveaway to you. Yes, you have
it precisely right.
> >To real humans it never shows up. It's not there. But to bots that
> >simply read HTML and don't grok CSS, it's another textarea field.
> >I suggested putting it ahead of any other textarea fields, because I
> >don't know if they fill in all textarea fields, or the first one they
> >find, or what.
> >
> >>So, SysAdmin, huh? I've been a subscriber to Linux Journal for years, but
> >>not SysAdmin. Send me some info for them.
> >
> >Alas, they ceased publication July '07, however their website is still
> >up at
> >
> >http://www.samag.com/
> >
> >and they still advertise their back-issue CD-ROM which covers
> >1992-2006, which also includes _The Perl Journal_ from 1996-2002.
> >
> >>Thanks,
> >>
> >>Karl
> >>
> >>>
> >>>Cheers,
> >>>--
> >>>Bob McClure, Jr.
> >
> >Cheers,
> >--
> >Bob McClure, Jr.
> ---
> _/ _/ _/ _/_/_/ ____________ __o
> _/ _/ _/ _/ _/ ____________ _-\\<._
> _/_/ _/ _/_/_/ (_)/ (_)
> _/ _/ _/ _/ ......................
> _/ _/ arl _/_/_/ _/ earson KarlP at ourldsfamily.com
> ---
> http://consulting.ourldsfamily.com
> ---
Cheers,
--
Bob McClure, Jr. Bobcat Open Systems, Inc.
bob at bobcatos.com http://www.bobcatos.com
[S]o Christ was sacrificed once to take away the sins of many people;
and he will appear a second time, not to bear sin, but to bring
salvation to those who are waiting for him. Hebrews 9:28 (NIV)
More information about the Redhat-install-list
mailing list