This is how to use fail2ban to protect playSMS from invalid logins. Correctly configured fail2ban will ban/block/reject IP of users/attackers when playSMS got too many invalid logins in short period of time.
Please note that the actual ban is done by iptables or whatever action command configured on fail2ban.
Step 1:
Configure fail2ban correctly. There are many manuals how to do it, usually the example is to protect SSH service from fail logins.
Step 2:
Add playsms.conf
to /etc/fail2ban/filter.d
playsms.conf
:
# Fail2Ban filter for playSMS
# Detecting failed login attempts
[Definition]
failregex = auth_validate_login # invalid login .* ip:<HOST>$
ignoreregex =
Step 3:
Enable the filter to get fail2ban watch over playSMS log files. Add playsms.local
to /etc/fail2ban/jail.d
playsms.local
:
[playsms]
enabled = true
port = http,https
filer = playsms
logpath = /home/komodo/log/playsms/playsms.log
/home/komodo/log/playsms.log
/var/log/playsms/playsms.log
/var/log/playsms.log
Step 4:
Reload fail2ban.
fail2ban log showing an IP banned:
2020-03-07 05:26:44,121 fail2ban.filter [7878]: INFO [playsms] Found 192.168.0.86 - 2020-03-07 05:26:43
2020-03-07 05:27:02,151 fail2ban.filter [7878]: INFO [playsms] Found 192.168.0.86 - 2020-03-07 05:27:02
2020-03-07 05:27:04,757 fail2ban.filter [7878]: INFO [playsms] Found 192.168.0.86 - 2020-03-07 05:27:04
2020-03-07 05:27:07,964 fail2ban.filter [7878]: INFO [playsms] Found 192.168.0.86 - 2020-03-07 05:27:07
2020-03-07 05:27:09,969 fail2ban.filter [7878]: INFO [playsms] Found 192.168.0.86 - 2020-03-07 05:27:09
2020-03-07 05:27:10,666 fail2ban.actions [7878]: NOTICE [playsms] Ban 192.168.0.86
anton