Battling the Bots – fail2ban seems to work

One thing that surprised me (well, shocked me to be honest) after bringing this little site online was waking up in the morning to find my server access logs had grown by megabytes overnight. Closer inspection showed a small number of highly aggressive bots hitting the web, mail and sshd servers. One bot alone tried many thousands of username/password combinations against the email server, firing off up to fifty incoming threads at a time. Presumably it would have tried more, but 50 was the limit set in the server configuration.

So I decided to install fail2ban. By default fail2ban has only one rule (jail) enabled, the one watching sshd, but it ships with predefined failure-matching filters for most popular server software (web, email, ftp etc.) and example templates in the configuration file for monitoring anything else you want. You set how many failures within a given time interval are needed to trigger a ban and how long the ban lasts, and you can choose to ban the offending IP address from that service only or from all access to the host. fail2ban implements the block by adding rules to the firewall.

Well, since turning on monitoring of attempted web, sshd, ftp and email intrusions I’ve been able to get up the next day without finding the odd 10 thousand attempted break-ins. So, so far, so good (touch wood), and I can recommend fail2ban to anyone running servers with incoming ports open to the Internet.

[Image: fail2ban output log. Output log from an older version of fail2ban, from Wikipedia, showing fail2ban at work.]

If you want to be more proactive there’s a good article, “Fail2ban setup for Apache”, which shows how to block the bots as soon as they simply scan the site looking for vulnerabilities.

Hopefully that’s me done with the bots for now. Will see how it goes.

81 thoughts on “Battling the Bots – fail2ban seems to work”

  1. AA; I don’t know what fedup was concerned about, and I must say I am ambivalent about responding to him. Don’t take him too seriously in his acerbic style. I have seen him display compassion, but he is quite the angry young man. Perhaps you have heard the following;
    “People who don’t care are quite demonstrative that they do; those who do care often appear as though they don’t”
    {paraphrased}

    He hasn’t quite found the balance yet. JMO

  2. A passing thought which keeps coming up; Why do you think there is such a desire for pyromania, looking for arguments, pandering to the contrary just for the shock effect? I have been commenting on CM for 2 years and I’ve seen a sea-change there in that period. Is there something in the air?

  3. Something’s going on, Ben. It’s not just on the CM website, but that shows a rather marginal side of things anyway. It’s difficult to describe. I’ve taken to asking people what they think is going to happen without wanting to impose my own thoughts, just letting them run on.

    In a large part, I think most people are utterly deluded about where problems actually reside. Either they’re demonstrably wrong (blaming “greens”, lefties, commies, anyone else who is most definitely NOT in charge), or they are fatalistically given to the idea we’re screwed, the game is up. Or they just don’t care at all.

    Personally, I’m rather feeling that the game is totally sewn up, and we’re screwed anyway, even if we were not.

    Damn… rambling again.

  4. Rambling? No, consciousness stream. It’s a pandemic, I agree, glenn. (greetings, btw). The most difficult part is Craig’s seeming detachment from his blog after a few comments on a new thread. I should think it’s a showcase for him, and he would nurse frequently. I know he hasn’t been well, yet I feel he’s not THAT unwell. Not wishing to transfer a loyal following to CM but I think a private forum such as AA created (private until discovered that is) could bleed off some frustration. Have Craig or Clark visited? I guess I could check through the posts. Now, I’M rambling.
    cheers.

  5. Ben,

    I’ve been reading for years as well. Didn’t comment much most of the time. Coincidentally or not I think things changed after Craig’s blog was listed as the third most important political blog in the UK by ebuzzing.co.uk.

    That was back in 2012 and Craig posted proudly about it at the time. Now they list it as the 80th most important political UK blog. That’s some fall down the rankings.

  6. Ben,

    I’m just guessing here but possibly if Craig is unavailable for any time due to health or other reasons, then when he is able to check in he takes one look at the comments and feels there is little point in carrying on.

  7. Another thought. I hope RD or someone else didn’t actually contact the police as they said they would.

    I was thinking of things like football club forums and band forums where the admins are well aware that they can sometimes get posts which they must remove immediately (and probably refer it to the police themselves). In Scottish football forums it tends to be religious hatred (Glasgow Rangers historically Protestant, Glasgow Celtic historically Catholic for example). In music someone will pop into the latest teen sensation forum and post a must-click news link supposedly about the band that actually links to something obscene at best or illegal at worst.

    There have been convictions in Scotland for hate posted online.

    http://www.bbc.co.uk/news/uk-scotland-glasgow-west-15333744

    Internet bigot Stephen Birrell jailed for eight months

    A man who posted sectarian comments on a Facebook page called “Neil Lennon Should be Banned” has been jailed for eight months.

    Stephen Birrell, 28, from Glasgow, admitted posting the religiously prejudiced abuse earlier this year.

    Sheriff Bill Totten said what Birrell had done was a hate crime which would not be tolerated by “the right thinking people of Glasgow and Scotland”.

    …On 1 March, two days before the Old Firm match, Birrell posted: “Hope they (Celtic fans) all die. Simple. Catholic scumbags ha ha.”

    On 4 March, the day after the game, he wrote: “Proud to hate Fenian tattie farmers. Simple ha ha.”

    Four days later Birrell posted: “They’re all ploughing the fields the dirty scumbags.”

    He also posted abuse directed at the Pope.

    If certain US based forums were hosted in Scotland a large proportion of the posters and mods/admins would be in jail by now.

  8. Actually, I don’t think it was anything to do with CM at all – it appears that Jon [mod] stuck his head around the door, and decided nobody was allowed to post anymore and shut down the lot.

    Jon was moaning that CM never even bothered replying to his emails, when he was requesting advice on the direction the blog should go (whether to ban or not, etc.). It’s unlikely CM suddenly leapt into action over a couple of dodgy posts and banned everyone. Strikes me that this is entirely Jon’s doing (after granting himself the last word on the matter). Seems a bit petulant too, tbh.

    CM would have said something first.

  9. What glenn said. It didn’t really sound like Jon to paint everyone with the same brush. It’s a little like elementary school when a few rowdy students cause the whole class to suffer punishment.

  10. Craig’s a big cricket fan. England are 308 for no wicket against Australia A (!!!) in the Ashes warm up match. Hopefully that will cheer him up. Listen live to Day 2 at http://www.bbc.co.uk/iplayer/console/bbc_radio_five_live_sports_extra (that’s if it stops raining).

    Btw, We’re in threaded mode for comments. I could switch it to just flat by posting time order as it is on Craig’s if people strongly prefer that.

    Hopefully Jon’s just making sure everyone gets the message; Craig will bounce back in rude health and the blog can get back into some semblance of sanity again.

  11. Hi AA… thanks, and I think flat-threaded with timestamps would allow everyone (!) here understands that as being a more familiar format. Appreciate your facilitating this in the meantime.

  12. Hi AA, Ben …. Glen

    I had a feeling something drastic would happen after Nevermind’s second last post

    seemed ominous at the time, and he was very angry.

    Ach lets see how it works out….

    AA, Ben, was it just my end or did any of you get the Earth Sky Ison interactive link to work ( left it on CM @ 2;22 ish )

  13. Hello folks, I just popped in to show that I’m still about. Hello glenn_uk, I hadn’t seen a comment from you in ages. Hello all.

    Thanks for setting up this site, AlcAnon.

    I think it was probably just Jon who decided to close comments. Jon might be worried that he could be held legally responsible if Craig isn’t tending the blog.

  14. Hi Clark (and Brian, Macky, AA!) –

    I realised what you meant straight away, Norways. I mean, no worries. 😉

    It’s kind of hard to imagine that Jon would actually be held responsible for a comment a third party made on someone else’s blog, after Jon had already made clear he was throwing in the moderating towel.

    It’s a tough job, being a mod, and I don’t envy the person doing it at all. It’s rather a shame he’s decided that since he wasn’t getting enough appreciation, it’s now gone altogether. Lot of people still made worthwhile comments there.

    Personally, I got fed up with that dreadful, ignorant post CM did on Gaia. Obviously he’s not going to be right on everything, nobody is. Heck, I even get things wrong myself sometimes.

    *

    Would it be in order to suggest a move to AA’s forum, that he kindly provided, instead of here (the comments section on a single post) ?

  15. Good idea on the forum, glenn. When Clark gave up his mod duties he no longer had admin access, yet Jon was able to get in, so I wonder if he actually resigned.

  16. I know y’all aren’t directly affected, but you’re still affected. EQ activity WW is down from the spate of activity of recent weeks.

    http://rt.com/news/fukushima-destroy-japan-us-290/

    “Fukushima is the most terrifying situation that I can imagine,” Suzuki said, adding that another earthquake could trigger a potentially catastrophic, nuclear disaster.

    “The fourth [reactor] has been so badly damaged that the fear is if there’s another earthquake of a 7 or above then that building will go and all hell breaks loose,” he said, adding that the chances of an earthquake measuring 7 or above in Japan over the next three years were over 95 percent.

    “If the fourth [reactor] goes under an earthquake and those rods are exposed, then it’s bye, bye, Japan and everybody on the west coast of North America should be evacuated. And if that isn’t terrifying, I don’t know what is,” Suzuki said.

  17. “Last month Amos Yadlin, a former head of Israeli military intelligence, told a conference in Sweden that if Iran got the bomb, “the Saudis will not wait one month. They already paid for the bomb, they will go to Pakistan and bring what they need to bring.”

    Since 2009, when King Abdullah of Saudi Arabia warned visiting US special envoy to the Middle East Dennis Ross that if Iran crossed the threshold, “we will get nuclear weapons”, the kingdom has sent the Americans numerous signals of its intentions.”

    http://www.bbc.co.uk/news/world-middle-east-24823846

  18. Revenge of the sour & condescending ex-mod

    “Bah, you’re all at it again. For all our dissidents calling for unrestricted freedom of speech, this is what you wanted. Not very productive though, is it?”

    “Hopefully everyone can now turn off their computers for a bit, and read a good book instead! Peace to all.”

  19. Macky: Shouldn’t the term be ‘censor’, not ‘mod’ ?

    Seriously though, this is one of the most patronising displays I’ve seen for a while. It’s cut off important sources from one another, and removed a rare area of free speech. I’m just surprised Jon didn’t end his condescending little note with, “Run along now children.”

  20. Hmmm. Bill Gates has his own seed vault.

    http://www.globalresearch.ca/doomsday-seed-vault-in-the-arctic-2/23503

    GMO as a weapon of biowarfare?

    Now we come to the heart of the danger and the potential for misuse inherent in the Svalbard project of Bill Gates and the Rockefeller foundation. Can the development of patented seeds for most of the world’s major sustenance crops such as rice, corn, wheat, and feed grains such as soybeans ultimately be used in a horrible form of biological warfare?

    The explicit aim of the eugenics lobby funded by wealthy elite families such as Rockefeller, Carnegie, Harriman and others since the 1920’s, has embodied what they termed ‘negative eugenics,’ the systematic killing off of undesired bloodlines. Margaret Sanger, a rapid eugenicist, the founder of Planned Parenthood International and an intimate of the Rockefeller family, created something called The Negro Project in 1939, based in Harlem, which as she confided in a letter to a friend, was all about the fact that, as she put it, ‘we want to exterminate the Negro population.’ 11

    A small California biotech company, Epicyte, in 2001 announced the development of genetically engineered corn which contained a spermicide which made the semen of men who ate it sterile. At the time Epicyte had a joint venture agreement to spread its technology with DuPont and Syngenta, two of the sponsors of the Svalbard Doomsday Seed Vault. Epicyte was since acquired by a North Carolina biotech company. Astonishing to learn was that Epicyte had developed its spermicidal GMO corn with research funds from the US Department of Agriculture, the same USDA which, despite worldwide opposition, continued to finance the development of Terminator technology, now held by Monsanto.

  21. @Glen_uk,

    Even the word “censor” doesn’t convey the severity of Jon’s action in shutting the Blog down; I just hope that Craig soon re-opens by posting again.

    I’ve long suspected that there’s something about Jon that not quite right, this action certainly doesn’t reassure me.

  22. Ben,

    A couple of non-NASA astronomers have done some calculations of their own on Ison’s tail. They came to the conclusion that we would encounter effectively no dust at all and can’t figure out why NASA talked of a potential “double-dusting” of earth in January at all. We’ll have to wait and see.

    Btw, NewThor video on the asteroid with 6 tails https://www.youtube.com/watch?v=Mrl3dE1g4rQ

    AA

  23. Hullo Macky…

    such a shame about the close down… But thanks to AA some of us can keep in contact 🙂

    AA…sorry about omitting that link to Nevermind’s post… finding that must have cost you some moments … and the six tailed asteroid is something else eh.

    Ben I’ve been looking into all that seed vault stuff..Kinda frightening –

    This explanation of their modus operandi comes from Gates website directly:

    Ensuring that the genetic diversity of the world’s food crops is preserved for future generations is an important contribution toward the reduction of hunger and poverty in developing countries. This is where the greatest plant diversity originates and where the need for food security and the further development of agriculture is most urgent.

    The Svalbard Global Seed Vault, which is established in the permafrost in the mountains of Svalbard, is designed to store duplicates of seeds from seed collections around the globe. Many of these collections are in developing countries. If seeds are lost, e.g. as a result of natural disasters, war or simply a lack of resources, the seed collections may be reestablished using seeds from Svalbard.

    The loss of biological diversity is currently one of the greatest challenges facing the environment and sustainable development. The diversity of food crops is under constant pressure. The consequence could be an irreversible loss of the opportunity to grow crops adapted to climate change, new plant diseases and the needs of an expanding population.

    “The question is, what global catastrophic occurrence do the investors in this seed vault anticipate? If you follow the money trail it isn’t hard to figure out –

    “If you think the recent scandals of the Wall Street Banks, Libel, and the Federal Reserve were outlandish, imagine global bio-warfare on the world population. That is what this is leading to. It will make the Russian bread lines flanked by the KGB of times past look like a play date”

    http://www.nationofchange.org/bill-gates-and-gmo-cronies-plan-30-million-seed-vault-while-poisoning-planet-1373119522

    U2 front man Bono is up to his neck in it too….

    “Last week I drew attention to the New Alliance for Food Security and Nutrition, launched in the US when it chaired the G8 meeting last year. The alliance is pushing African countries into agreements that allow foreign companies to grab their land, patent their seeds and monopolise their food markets. Ignoring the voices of their own people, six African governments have struck deals with companies such as Monsanto, Cargill, Dupont, Syngenta, Nestlé and Unilever, in return for promises of aid by the UK and other G8 nations –

    A wide range of activists, both African and European, is furious about the New Alliance. But the ONE campaign, co-founded by Bono, stepped up to defend it. The article it wrote last week was remarkable in several respects: in its elision of the interests of African leaders and those of their people, in its exaggeration of the role of small African companies, but above all in failing even to mention the injustice at the heart of the New Alliance – its promotion of a new wave of land grabbing. My curiosity was piqued.

    The first thing I discovered is that Bono has also praised the New Alliance, in a speech just before last year’s G8 summit in the US. The second thing I discovered is that much of the ONE campaign’s primary funding was provided by the Bill and Melinda Gates Foundation, two of whose executives sit on its board. The foundation has been working with the biotech company Monsanto and the grain trading giant Cargill, and has a large Monsanto shareholding. Bill Gates has responded to claims made about land grabbing in Africa, asserting, in the face of devastating evidence and massive resistance from African farmers, that “many of those land deals are beneficial, and it would be too bad if some were held back because of western groups’ ways of looking at things”. (Africans, you will note, keep getting written out of this story.)”

    “The third thing I discovered is that there’s a long history here. In his brilliant and blistering book The Frontman: Bono (in the Name of Power), just released in the UK, the Irish scholar Harry Browne maintains that “for nearly three decades as a public figure, Bono has been … amplifying elite discourses, advocating ineffective solutions, patronising the poor and kissing the arses of the rich and powerful”. His approach to Africa is “a slick mix of traditional missionary and commercial colonialism, in which the poor world exists as a task for the rich world to complete”.

    “There is a well-known if dubious story that claims that at a concert in Glasgow Bono began a slow hand-clap. He is supposed to have announced: “Every time I clap my hands, a child in Africa dies.” Whereupon someone in the audience shouted: “Well fucking stop doing it then.” It’s good advice, and I wish he’d take it.”

    http://www.hangthebankers.com/bono-exposed-as-a-complete-fraud/

    AA…Sorry for long post

  24. Brian; I’ve long heard that the mega-wealthy are buying islands of refuge and stocking up for a long-haul of drought and famine, and I think the seed vault is more a symptom of that intent. It seems somewhat separate from the global efforts to control food sources. I am finding that many ailments from toxins derive from what I think is the primary locus of our immune system, the gut. My wife has been experiencing 24/7 gas pains and a combination of probiotics was begun 60 days ago with some relief, but since she went gluten-free (3 weeks ago) she is free of discomfort. Gluten as the cellular glue tends to stick to the cell membrane and toxins find a permanent home. Gradually we are converting totally to organic (including meat which is unbelievably expensive) because the toxins exist apart from glutinous sources, of course.

    I’ve always known that government proscriptions seem to involve those things which kill quickly, but those substances which result in illness or shorten the life-span are tolerated. The eugenics of this global effort to proliferate GMO’s appears as though the design is not the putative ‘Green Revolution’ which was sold as the way to feed a growing population but is really a stealth strategy of thinning the herd so that more resources are available to the survivors. We’ve heard this before.

  25. AA; Brian brings up a good point. Do you have a bandwidth limit before you experience cost?

    As to six tails; Isn’t a tail caused by solar radiation? There could be six sources, or could there?

  26. Brian; I’ve wondered about Bono, so cozy with the players club. I’ve long suspected that anyone in the mainstream has been bought and sold. I guess it goes back to when I used to say not to trust anyone over 30. 🙂

  27. Ben,

    Don’t worry about bandwidth – there is a limit but unless I decide to host the latest pirated movies in HD I’m not going to exceed it 🙂

  28. Oh. Thorguy being tongue-in-cheeky so I thought he was messing with the asteroid vs comet idea. National Geographic is imbibing that its freakiness is the rotational rate causing the phenomenon. I guess if a comet is a dirty ball of ice, there are degrees of that state. Could have some interior gases which erupt when it’s more of an asteroid than comet, but the radiation should be the critical factor in any tail or ‘tails’. Whether asteroid or comet the only explanation is there are multiple sources for cosmic wind.

  29. Heh. I just talked about my wife’s gas and then I brought up solar wind. Unintentional humor is better. 🙂

  30. OK, Jon’s English. Were you on the stage? BTW, ‘fuck me’ doesn’t have the same meaning in Scotland as it does in the US. It’s a self-effacing expression of surprise.

  31. Ben,

    “Fuck me ” also has that meaning in Scotland (and that’s how I understood it). I can’t play anything well, despite trying, so was never on stage – let alone with Jon Anderson. Last spoke to him briefly on a Jon Anderson/Rick Wakeman acoustic tour a few years ago.

  32. However I have always thought there are a couple of times in that Glastonbury gig where Jon Anderson looked directly at me. That’s sadly almost certainly just my ego imagining things.

  33. Ben.. yes Bono the great public speaker on African poverty… squashes real concerns, and voice of the people…he jumped on Peter Gabriel’s genuine heartfelt humility, Jim Kerr of Simple Minds kinda tried it on too, but both of them with nothing like Gabriel’s persistence in actions, and music.. but whatever happened to the Elders project…much silence there

    i once took a hefty sculpture i made – that represents Stephen Biko – on the effin train…. to let Jim Kerr see it backstage, as we had word he was interested in it… but turns out he thought it was a gift – taxi after missing last train, taxi driver was kinda generous…but still had to carry the sculpture up hill about a fucking mile

    AA… we seen Rick live in GREENOCK of all places, it was a classical tour thingy…what a guy, and his patter ( chat ) is top class Lol

    any way Dudes, as it’s a new Weekend, and ( Peacable at least hereabouts – touch wood ) check this amazing video out…heart strings stuff

    Like prisoners emerging from a lifetime behind bars, a group of chimpanzees step blinking into the sunlight. This is the first time they have felt grass under their feet and breathed fresh air for 30 years.

    Watch oot for the hugging of each other @ 1;25 in, just awesome…poor wee things….its happy and yet sad too i think

    http://www.youtube.com/watch?v=ExEjXLMd4VA

  34. Hiya, I’m just checking in, saying hello.

    I’m in Glasgow. I needed directions, so I asked a couple of those “Community Support” or whatever they’re called non-police police people. They were on bicycles. One of them told me I was in the East End of Glasgow, and I should leave as soon as possible because it’s so dangerous!

    I wonder if I should make a complaint. They were friendly, polite and helpful, but should they really say things like that? Does it help, trying to send law-abiding people away? Doesn’t it heighten tensions?

  35. The crack in the dam. That’s what Snowden did. He dared create a fissure. I don’t care what anyone says, he’s a hero, not a charlatan. He has opened up not just files but actual, factual dialogue and dispute amongst the elite. Unheard of.

    Clark;

    Thanks for giving me something to dine on this evening.

  36. http://www.bbc.co.uk/news/world-asia-24846819

    I have recently received a new sophisticated radiation monitor sent from London, which has now had its first outing in the field. You can point it at things and it tells you how many “counts per second” of radiation the object is giving off.

    …As our bus left reactor four and drove along the sea front, I pointed my new monitor out of the window towards reactor building three. Suddenly the needle started to spike – 1,000 counts per second, then 2,000, 3,000, finally it went off the scale.

    There, outside the bus, just a few dozen meters away is the real dead zone, a place where it is still far too dangerous for anyone to go. No human has been inside reactor three since the disaster. To do so would be suicide. No-one knows when it will be possible to go in.

    When I asked the same experts how long it would be until reactors one, two and three could be dismantled, they shook their heads. When I asked them where they thought the melted reactor cores were, they shook their heads again.

    Tokyo Electric Power Company was happy to show us reactor four, but please do not ask what they intend to do with reactors one, two and three.

  37. “So what can I report? Mainly that I feel somewhat reassured by what I have seen. The preparations for the fuel removal appear meticulous.”

    It’s being set-up as a success story, AA. All the drama around the rod-removal will have a happy, happy ending to public concern.

  38. By the way I’ve had to disable unregistered comments on the forum as the spammers were getting through too often, and I really wasn’t in need of a lifetime supply of scented soap however attractively priced!

  39. Ben, Maybe a bit of space speculation later. Pre-occupied with a few things right now.

    I can keep an eye on the spam from the phone. Most of it enters the moderation queue but some unregistered posts on the forum were going straight through for some reason. I have notification set up so my phone bleeps every time there is a new post or moderation decision needed at the blog, but can’t do that on the forum unless I wanted to spend my time rejecting unregistered posts all day. There are currently also what appear to be three stealth bots on the forum as well: “GymnNeereelay, soapszima, Dondiettetosy”. They have registered correctly but have yet to post.

  40. My opinion is that meltdowns are still in progress at Fukushima. There definitely were meltdowns, and nothing has been reported that would change that, so I assume that the meltdowns continue.

    What could extinguish such meltdowns? The molten cores would need to be dispersed somehow. A robot with a big ladle, perhaps? I think they’ll have to blow them apart with explosives eventually, but they don’t want to draw attention.

  41. Clark; As to #3? You think there was a meltdown? It seems the fuel was vaporized in the explosion. Ironic that it seems safer than a meltdown, but not being a techie it’s beyond me.

  42. I don’t think Maduro is incapable of governing, but this makes me wonder…

    “(Reuters) – Venezuelan President Nicolas Maduro’s socialist government “occupied” a chain of electronics stores on Saturday in a high-profile crackdown on what it views as price-gouging hobbling the country’s economy.

    Authorities arrested various managers of the five-store, 500-employee Daka chain, sent soldiers into the shops, and forced the company to start selling products at cheaper prices.”

  43. This resonates in so many dimensions. Clapton is by far, my fav musical artist. Lyrics and arrangement never disappoint. Pilgrim was his darkest work after he rose from the ashes with Unplugged, and began his return from the abyss. Dark but beautiful in the expression of grief, but this piece is poignant without apology. By this time, this white artist, had earned some creds for the Blues.

    http://www.youtube.com/watch?v=IigRv6B763k

  44. Doods; We’re gettin’ way too serious. Howzit, Brian, AA? Slow fucking news day.

    As a news junkie, that’s a withdrawal peril. Been scratchin’ the cat fever with gold powder dreams, and archetypal duality on the benign vs the malevolent nature of our cosmos. Still undecided. In the meantime, another of my favs; Michael McDonald. Vocals and lyrics AND arrangement perfection (in the main, but of course not this selection)……….

    http://www.youtube.com/watch?v=OKsHFvdbFjY

  45. Just noticed a stealth bot has been trying to break into the squonk mail-server for the last week. It connected at intervals long enough to evade the rules in fail2ban and didn’t cause the mail log files to grow fast enough for me to spot it manually without closer inspection. IP address in Germany from a hosting provider seemingly known for running bots and hosting malicious code. IP address already in various “bad” databases and Google tells me that the domain has been found to be hosting viruses within the last week. fail2ban rules now updated with longer detection scope/ban length and it is gone now.

  46. Squonk, I am getting that security certificate warning again. Not when I click on to your website but when I go to comments. ?? As I type the address bar is coloured red and marked ‘certificate error’.

    Is the mailbot thing you have been getting this as reported on the BBC website or some other?
    Cryptolocker ransomware has ‘infected about 250,000 PCs’
    http://www.bbc.co.uk/news/technology-25506020

    Best wishes for 2014 and thanks for hosting us.

  47. Thanks for that report Mary. I’ve switched recent comments back to the standard display while I investigate. Probably a bug in the new comments plugin but I’ll see what I can do to get it sorted.

    What the mailbots do is try brute-force username and password attacks against the server, simply trying as many combinations as they can. Once they have a working username and password for an email account they can download all your email to look for passwords etc. in that for other accounts. They can also send spam from your email account which could contain any virus, including Cryptolocker.

    Most of these attacks are easy to spot as they try sometimes thousands of combinations per hour and stick out a mile in log files if anyone even glances at them. This one was different in that it only tried a new one after a reasonable interval but, to compensate, was doing that for days before I noticed it.
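The counting rule the post describes (so many failures within a time interval, then a ban of a set length) and the slow bot of comments 45 and 47 that stayed under that rule, as an added example written for this page rather than code from the post or from fail2ban: it re-implements the rule in Python over a constructed Postfix SASL log and a constructed jail.local fragment (the section and option names are fail2ban's own; the values, log lines and addresses are made up).

```python
"""Re-implementation of fail2ban's counting rule over constructed log lines.

maxretry failures from one address within findtime seconds -> ban for bantime
seconds. Shows the aggressive bot being caught at once and the slow bot
evading the rule until findtime is widened.
"""
import configparser
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed jail.local fragment in fail2ban's INI syntax. Section and option
# names are fail2ban's; the values are illustrative, not the blog's settings.
JAIL_LOCAL = """
[DEFAULT]
maxretry = 5
findtime = 600
bantime  = 3600

[postfix-sasl]
enabled = true
"""

# Pattern for a Postfix SASL failure line, written to match the sample log
# below (it is not fail2ban's shipped postfix-sasl filter).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ postfix/smtpd\[\d+\]: warning: \S+\[(?P<host>[\d.]+)\]: "
    r"SASL (?:LOGIN|PLAIN) authentication failed"
)

# Constructed sample log: ISO-8601 timestamps, documentation-range addresses.
_T0 = datetime.fromisoformat("2014-01-05T10:00:00+00:00")


def _at(seconds):
    return (_T0 + timedelta(seconds=seconds)).isoformat()


def _fail_line(seconds, ip):
    return (f"{_at(seconds)} mail postfix/smtpd[2210]: warning: unknown[{ip}]: "
            "SASL LOGIN authentication failed: authentication failure")


_EVENTS = (
    [(1 + 2 * i, "203.0.113.7") for i in range(6)]          # fast bot: 6 tries in 11 s
    + [(300 + 900 * i, "198.51.100.23") for i in range(8)]  # slow bot: one try per 15 min
    + [(1800, "192.0.2.10"), (1820, "192.0.2.10")]          # a user mistyping twice
)
SAMPLE_LOG = [_at(0) + " mail postfix/smtpd[2210]: connect from unknown[192.0.2.10]"]
SAMPLE_LOG += [_fail_line(s, ip) for s, ip in sorted(_EVENTS)]


def parse_jail(text, jail="postfix-sasl"):
    """Read maxretry/findtime/bantime for one jail (DEFAULT values inherited)."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    s = cp[jail]
    return {"maxretry": s.getint("maxretry"),
            "findtime": s.getint("findtime"),
            "bantime": s.getint("bantime")}


def scan(lines, maxretry, findtime, bantime):
    """Return the (timestamp, ip) ban events fail2ban's rule would produce.

    A ban fires when maxretry matching failures from one address fall within
    findtime seconds. While an address is banned its lines are ignored, which
    stands in for the firewall rule that would be dropping its packets.
    """
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    banned_until = {}
    bans = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                  # not a failure line; the filter ignores it
        ts = datetime.fromisoformat(m.group("ts"))
        ip = m.group("host")
        if ip in banned_until and ts < banned_until[ip]:
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()               # forget failures older than findtime
        if len(q) >= maxretry:
            bans.append((ts, ip))
            banned_until[ip] = ts + timedelta(seconds=bantime)
            q.clear()
    return bans


def demo():
    """Scan the sample log with the configured findtime and with a widened one."""
    jail = parse_jail(JAIL_LOCAL)
    default = scan(SAMPLE_LOG, **jail)
    widened = scan(SAMPLE_LOG, **{**jail, "findtime": 86400})
    return {"default": [ip for _, ip in default],
            "widened": [ip for _, ip in widened]}


if __name__ == "__main__":
    for name, ips in demo().items():
        print(f"{name:8s} banned: {ips}")
```

With findtime at 600 s the slow bot's window never holds more than one failure, so it is never banned; widening findtime to a day catches it on its fifth attempt while the user's two typos still go unpunished.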
