Fail2Ban?

Karl Pearson karlp at ourldsfamily.com
Mon Sep 29 00:25:21 UTC 2008 

On Sun, 28 Sep 2008, Bob McClure Jr wrote:

> On Sun, Sep 28, 2008 at 03:33:27PM -0600, Karl Pearson wrote:
>> On Sun, 28 Sep 2008, Bob McClure Jr wrote:
>>
>>> On Sat, Sep 27, 2008 at 09:41:35PM -0600, Karl Pearson wrote:
>>>> I've installed fail2ban and it's working nicely. I lengthened out the
>>>> ban-time because I run a very busy server. As part of that, I removed root
>>>> ssh access, because it's just about time.
>>>>
>>>> On a side note, before I get to my question, I wrote before because
>>>> ForwardX11 wasn't working. I solved it by removing and re-installing
>>>> openssh-server and openssh-clients. Well, it quit working again after the
>>>> next reboot, which is coming more often than I'd like because of it being
>>>> new. In any case, after disabling root login, it hasn't failed yet.
>>>>
>>>> My question is: Do you know a good method of denying access to non-captcha
>>>> forms using fail2ban. If you've used it, and have it working, I'd like to
>>>> know. I've checked online and found easy ways to prevent login-enabled
>>>> form access, but these are public forms and don't require a login.
>>>
>>> I don't know if this fits your problem or not, but it has pretty much
>>> eliminated my form-spam problem without resorting to CAPTCHA.  The
>>> technique was described in SysAdmin April 2007, page 30.  Add a
>>> TEXTAREA field to your form, labeled "comments" or something common,
>>> perhaps ahead of any other TEXTAREA field.  Make it invisible by
>>> adding 'style="display: none"' to its tag.  For real humans, the field
>>> is not there, but form bots will see it and poke their spam into it.
>>> So then if your form processor sees that the invisible field is filled
>>> in, it can ignore it, blacklist the IP, or anything else you care to
>>> devise.
>>
>> Very nice. I'll give that a try. I do have comment fields now, but adding
>> one that is blank will be a dead giveaway.
>
> Umm, I don't understand.  How so?

Because it's hidden. And the ones I've gotten have all the fields filled 
in. The bot doesn't know when to stop, so when I get the field that should 
be empty, and isn't, I take action. Do I have that right?

>
> To real humans it never shows up.  It's not there.  But to bots that
> simply read HTML and don't grok CSS, it's another textarea field.
> I suggested putting it ahead of any other textarea fields, because I
> don't know if they fill in all textarea fields, or the first one they
> find, or what.
>
>> So, SysAdmin, huh? I've been a subscriber to Linux Journal for years, but
>> not SysAdmin. Send me some info for them.
>
> Alas, they ceased publication July '07, however their website is still
> up at
>
> http://www.samag.com/
>
> and they still advertise their back-issue CD-ROM which covers
> 1992-2006, which also includes _The Perl Journal_ from 1996-2002.
>
>> Thanks,
>>
>> Karl
>>
>>>
>>> Cheers,
>>> --
>>> Bob McClure, Jr.
>> ---
>>       _/  _/      _/      _/_/_/       ____________   __o
>>      _/ _/       _/      _/    _/     ____________  _-\\<._
>>     _/_/        _/      _/_/_/                     (_)/ (_)
>>    _/ _/       _/      _/           ......................
>>   _/   _/ arl _/_/_/  _/ earson    KarlP at ourldsfamily.com
>> ---
>> http://consulting.ourldsfamily.com
>> ---
>> "To mess up your Linux PC, you have to really work at it;
>>  to mess up a microsoft PC you just have to work on it."
>> ---
>
> Cheers,
> --
> Bob McClure, Jr.             Bobcat Open Systems, Inc.
> bob at bobcatos.com             http://www.bobcatos.com
> [S]o Christ was sacrificed once to take away the sins of many people;
> and he will appear a second time, not to bear sin, but to bring
> salvation to those who are waiting for him.  Hebrews 9:28 (NIV)
>
> _______________________________________________
> Redhat-install-list mailing list
> Redhat-install-list at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-install-list
> To Unsubscribe Go To ABOVE URL or send a message to:
> redhat-install-list-request at redhat.com
> Subject: unsubscribe
>

---
      _/  _/      _/      _/_/_/       ____________   __o
     _/ _/       _/      _/    _/     ____________  _-\\<._
    _/_/        _/      _/_/_/                     (_)/ (_)
   _/ _/       _/      _/           ......................
  _/   _/ arl _/_/_/  _/ earson    KarlP at ourldsfamily.com
---
http://consulting.ourldsfamily.com
---

More information about the Redhat-install-list mailing list