Fail2Ban?

Bob McClure Jr bob at bobcatos.com
Sun Sep 28 22:31:40 UTC 2008


On Sun, Sep 28, 2008 at 03:33:27PM -0600, Karl Pearson wrote:
> On Sun, 28 Sep 2008, Bob McClure Jr wrote:
> 
> >On Sat, Sep 27, 2008 at 09:41:35PM -0600, Karl Pearson wrote:
> >>I've installed fail2ban and it's working nicely. I lengthened out the
> >>ban-time because I run a very busy server. As part of that, I removed root
> >>ssh access, because it's just about time.
> >>
> >>On a side note, before I get to my question, I wrote before because
> >>ForwardX11 wasn't working. I solved it by removing and re-installing
> >>openssh-server and openssh-clients. Well, it quit working again after the
> >>next reboot, which is coming more often than I'd like because of it being
> >>new. In any case, after disabling root login, it hasn't failed yet.
> >>
> >>My question is: Do you know a good method of denying access to non-captcha
> >>forms using fail2ban. If you've used it, and have it working, I'd like to
> >>know. I've checked online and found easy ways to prevent login-enabled
> >>form access, but these are public forms and don't require a login.
> >
> >I don't know if this fits your problem or not, but it has pretty much
> >eliminated my form-spam problem without resorting to CAPTCHA.  The
> >technique was described in SysAdmin April 2007, page 30.  Add a
> >TEXTAREA field to your form, labeled "comments" or something common,
> >perhaps ahead of any other TEXTAREA field.  Make it invisible by
> >adding 'style="display: none"' to its tag.  For real humans, the field
> >is not there, but form bots will see it and poke their spam into it.
> >So then if your form processor sees that the invisible field is filled
> >in, it can ignore it, blacklist the IP, or anything else you care to
> >devise.
> 
> Very nice. I'll give that a try. I do have comment fields now, but adding 
> one that is blank will be a dead giveaway.

Umm, I don't understand.  How so?

To real humans it never shows up.  It's not there.  But to bots that
simply read HTML and don't grok CSS, it's another textarea field.
I suggested putting it ahead of any other textarea fields, because I
don't know if they fill in all textarea fields, or the first one they
find, or what.

> So, SysAdmin, huh? I've been a subscriber to Linux Journal for years, but 
> not SysAdmin. Send me some info for them.

Alas, they ceased publication July '07, however their website is still
up at

http://www.samag.com/

and they still advertise their back-issue CD-ROM which covers
1992-2006, which also includes _The Perl Journal_ from 1996-2002.

> Thanks,
> 
> Karl
> 
> >
> >Cheers,
> >--
> >Bob McClure, Jr.
> ---
>       _/  _/      _/      _/_/_/       ____________   __o
>      _/ _/       _/      _/    _/     ____________  _-\\<._
>     _/_/        _/      _/_/_/                     (_)/ (_)
>    _/ _/       _/      _/           ......................
>   _/   _/ arl _/_/_/  _/ earson    KarlP at ourldsfamily.com
> ---
> http://consulting.ourldsfamily.com
> ---
> "To mess up your Linux PC, you have to really work at it;
>  to mess up a microsoft PC you just have to work on it."
> ---

Cheers,
-- 
Bob McClure, Jr.             Bobcat Open Systems, Inc.
bob at bobcatos.com             http://www.bobcatos.com
[S]o Christ was sacrificed once to take away the sins of many people;
and he will appear a second time, not to bear sin, but to bring
salvation to those who are waiting for him.  Hebrews 9:28 (NIV)
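
The hidden-field check described in this message, wired to the fail2ban question it answers, as an added example that is not part of the original post or of fail2ban itself. The field name, log tag, log line format and the filter shown in the comment are all assumptions; the form processor writes one line per hit for a fail2ban jail to watch.

```python
import ipaddress
import re
from datetime import datetime, timezone

HONEYPOT_FIELD = "comments"   # assumed name of the hidden TEXTAREA
LOG_TAG = "form-honeypot"     # assumed marker a fail2ban filter keys on

# Assumed fail2ban filter for the log written below (filter.d/form-honeypot.conf):
#   [Definition]
#   failregex = form-honeypot: hidden field filled by <HOST>$
# Rough Python stand-in for that failregex, used only to check the log format.
FAILREGEX = re.compile(
    r"form-honeypot: hidden field filled by (?P<host>[0-9A-Fa-f:.]+)$")


def honeypot_log_line(remote_addr, now=None):
    """Build the log line for a hit. Only the validated address is logged,
    never submitted text, so a bot cannot inject a line naming another IP."""
    addr = ipaddress.ip_address(remote_addr)  # raises ValueError on junk
    stamp = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%d %H:%M:%S")
    return f"{stamp} {LOG_TAG}: hidden field filled by {addr}"


def process_form(fields, remote_addr, log_lines, now=None):
    """Return the fields to act on, or None if the submission is dropped."""
    if fields.get(HONEYPOT_FIELD, "").strip():
        log_lines.append(honeypot_log_line(remote_addr, now))
        return None
    # Human path: the hidden field is empty or absent; strip it and continue.
    return {k: v for k, v in fields.items() if k != HONEYPOT_FIELD}


if __name__ == "__main__":
    log = []  # stands in for the file a fail2ban jail would watch
    # Constructed submissions; addresses are from documentation ranges.
    human = {"name": "Karl", "message": "Hello", "comments": ""}
    bot = {"name": "x", "message": "spam", "comments": "buy pills\n1.2.3.4"}
    print(process_form(human, "192.0.2.10", log))
    print(process_form(bot, "203.0.113.5", log))
    print(log)
```

Take `remote_addr` from the web server's connection address rather than a client-supplied header, since whatever lands in that log line is what gets banned.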




More information about the Redhat-install-list mailing list