Fail2Ban?
Bob McClure Jr
bob at bobcatos.com
Sun Sep 28 22:31:40 UTC 2008
On Sun, Sep 28, 2008 at 03:33:27PM -0600, Karl Pearson wrote:
> On Sun, 28 Sep 2008, Bob McClure Jr wrote:
>
> >On Sat, Sep 27, 2008 at 09:41:35PM -0600, Karl Pearson wrote:
> >>I've installed fail2ban and it's working nicely. I lengthened out the
> >>ban-time because I run a very busy server. As part of that, I removed root
> >>ssh access, because it's just about time.
> >>
> >>On a side note, before I get to my question, I wrote before because
> >>ForwardX11 wasn't working. I solved it by removing and re-installing
> >>openssh-server and openssh-clients. Well, it quit working again after the
> >>next reboot, which is coming more often than I'd like because of it being
> >>new. In any case, after disabling root login, it hasn't failed yet.
> >>
> >>My question is: Do you know a good method of denying access to non-captcha
> >>forms using fail2ban? If you've used it, and have it working, I'd like to
> >>know. I've checked online and found easy ways to prevent login-enabled
> >>form access, but these are public forms and don't require a login.
> >
> >I don't know if this fits your problem or not, but it has pretty much
> >eliminated my form-spam problem without resorting to CAPTCHA. The
> >technique was described in SysAdmin April 2007, page 30. Add a
> >TEXTAREA field to your form, labeled "comments" or something common,
> >perhaps ahead of any other TEXTAREA field. Make it invisible by
> >adding 'style="display: none"' to its tag. For real humans, the field
> >is not there, but form bots will see it and poke their spam into it.
> >So then if your form processor sees that the invisible field is filled
> >in, it can ignore it, blacklist the IP, or anything else you care to
> >devise.
>
> Very nice. I'll give that a try. I do have comment fields now, but adding
> one that is blank will be a dead giveaway.
Umm, I don't understand. How so?
To real humans it never shows up. It's not there. But to bots that
simply read HTML and don't grok CSS, it's another textarea field.
I suggested putting it ahead of any other textarea fields, because I
don't know if they fill in all textarea fields, or the first one they
find, or what.
> So, SysAdmin, huh? I've been a subscriber to Linux Journal for years, but
> not SysAdmin. Send me some info for them.
Alas, they ceased publication July '07, however their website is still
up at
http://www.samag.com/
and they still advertise their back-issue CD-ROM which covers
1992-2006, which also includes _The Perl Journal_ from 1996-2002.
> Thanks,
>
> Karl
>
> >
> >Cheers,
> >--
> >Bob McClure, Jr.
> ---
> _/ _/ _/ _/_/_/ ____________ __o
> _/ _/ _/ _/ _/ ____________ _-\\<._
> _/_/ _/ _/_/_/ (_)/ (_)
> _/ _/ _/ _/ ......................
> _/ _/ arl _/_/_/ _/ earson KarlP at ourldsfamily.com
> ---
> http://consulting.ourldsfamily.com
> ---
> "To mess up your Linux PC, you have to really work at it;
> to mess up a microsoft PC you just have to work on it."
> ---
Cheers,
--
Bob McClure, Jr. Bobcat Open Systems, Inc.
bob at bobcatos.com http://www.bobcatos.com
[S]o Christ was sacrificed once to take away the sins of many people;
and he will appear a second time, not to bear sin, but to bring
salvation to those who are waiting for him. Hebrews 9:28 (NIV)
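
Added example, not part of the original message or the SysAdmin article: a minimal form-processor check for the hidden-field technique described above, which writes a log line that a fail2ban filter could match. The field name "comments", the log tag "form-honeypot" and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

HONEYPOT_FIELD = "comments"   # assumed name of the TEXTAREA hidden with display: none
LOG_TAG = "form-honeypot"     # assumed tag; pick anything unique in your log

# Python stand-in for a fail2ban filter line such as
#   failregex = form-honeypot: hidden field filled by <HOST>$
# fail2ban expands <HOST> itself; an IPv4 pattern plays that role here.
FAILREGEX = re.compile(
    r"form-honeypot: hidden field filled by (?P<host>\d{1,3}(?:\.\d{1,3}){3})$"
)

def check_submission(body, client_ip):
    """Return (accepted, log_line) for a urlencoded POST body.

    client_ip must come from the web server (e.g. REMOTE_ADDR), never from
    a form field or header, or a client could get another address banned.
    """
    fields = parse_qs(body, keep_blank_values=True)
    trap = "".join(fields.get(HONEYPOT_FIELD, [])).strip()
    if trap:
        # Only the IP goes into the log line; echoing submitted text would
        # let a client forge lines that match the filter.
        return False, f"{LOG_TAG}: hidden field filled by {client_ip}"
    return True, None

def hosts_to_ban(log_lines, maxretry=1):
    """Count filter matches per host, as fail2ban would, and list offenders."""
    counts = {}
    for line in log_lines:
        m = FAILREGEX.search(line)
        if m:
            counts[m.group("host")] = counts.get(m.group("host"), 0) + 1
    return sorted(h for h, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    # Constructed sample requests: a human leaves the hidden field empty,
    # a bot that ignores CSS fills every textarea it finds.
    human = check_submission("name=Karl&comments=&message=Hello+there", "198.51.100.7")
    bot = check_submission("name=x&comments=buy+pills&message=buy+pills", "192.0.2.10")
    print(human, bot)
    print(hosts_to_ban(["2008-09-28 22:31:40 " + bot[1]]))
```
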