On 07/26/2017 10:01 PM, Joseph Tam wrote:
Olaf Hopp Olaf.Hopp@kit.edu wrote:
And I have a new one just for "unknown user" and here my bantime and findtime are much bigger and the retries are just '2'. So here I'm much harsher. I'll keep an eye on my logs and maybe some more twaeking is necessary.
Just be careful about typos (like twaeking!): users could simply misspell their username, or get mixed up with some another account or alias. This is why I favour targetting known bad accounts, not merely accounts that don't exist.
Joseph, but how often do you have to type your username ? Only on the initial config of your mailer. After that you are done. Exception is my webmail server. But that IP is of course on the "ignoreip" list of fail2ban. Otherwise it would be very easy to trigger a DOS without much effort. So this is why I decided to use two distinct jails with different policies. It seems to work reasonable well.
Regards, Olaf
-- Karlsruher Institut für Technologie (KIT) ATIS - Abt. Technische Infrastruktur, Fakultät für Informatik
Dipl.-Geophys. Olaf Hopp
- Leitung IT-Dienste -
Am Fasanengarten 5, Gebäude 50.34, Raum 009 76131 Karlsruhe Telefon: +49 721 608-43973 Fax: +49 721 608-46699 E-Mail: Olaf.Hopp@kit.edu atis.informatik.kit.edu
www.kit.edu
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
Das KIT ist seit 2010 als familiengerechte Hochschule zertifiziert.