Solved

how to use wail2ban ??

Posted on 2016-11-15
13
157 Views
Last Modified: 2016-11-16
I have a vps and i want to use a fail ban, so i found this link:
https://github.com/glasnt/wail2ban/blob/master/README.md

Open in new window

It says to click on start_wail2ban.bat and that's all but nothing hapening

I also tried this to ban after 5 attemps,but nothing hapening what to do?
thank you

https://wqweto.wordpress.com/2013/12/10/how-to-use-fail2ban-with-terminal-servers-rdsh-farm/

Open in new window

0
Comment
Question by:john lambert
  • 7
  • 6
13 Comments
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 41889123
>> click on start_wail2ban.bat and that's all but nothing hapening

Nothing should happen. [Wf]ail2ban will stay in the background and monitor the logs. If someone fails a password 5 times in 2 minutes, it will create a rule in the firewall to block that someone's IP.

From the manual: If you want a report, search the main wail2ban.ps1 script for the call to wail2ban_htmlgen.ps1, and enable it (remove the comment)

HTH,
Dan
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 41889124
BTW, if all you want is to block password attacks, use ts_block:
https://github.com/EvanAnderson/ts_block
0
 

Author Comment

by:john lambert
ID: 41889171
Dear Dan craciun u said nothing hapening becouse run in backround.I made a test before posting this question,99 processes were before and 99 after i click on start_wail2ban.bat, more than that I attacked with more then 600 failed attempts and nothing hapened,,ok now i will try and make a new test,let's see
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 34

Expert Comment

by:Dan Craciun
ID: 41889182
>>I attacked with more then 600 failed attempts and nothing happened
Look in the firewall and check for new rules.

I've never used wail2ban, but ts_block will run in cmd window and you will see there when it has blocked/unblocked an IP.
0
 

Author Comment

by:john lambert
ID: 41889185
I tried ts_block i copy to program files,firewall is Enable but i didn't set any rule there,i hope this script do that
thanks

untitled.JPG
0
 
LVL 34

Accepted Solution

by:
Dan Craciun earned 500 total points
ID: 41889188
You need to run ts_block with admin rights.
Open an administrative Command Prompt (click on start, type cmd, right click on Command prompt and choose "Run as administrator").

Then navigate to where the folder of ts_block is and run it like this:
cscript ts_block.vbs

 It does not need to be in Program Files. I keep it on the Desktop.

After you decide it works properly, you can install it as a service with the included msi. I try to keep my servers uncluttered so I run it from a command prompt.
0
 

Author Comment

by:john lambert
ID: 41889202
i did what u said:
untitled.JPG

then i atack the rdp:
IP:3389 (EID 73) Attempts: total 82 completed 82 supported 1
and the atack continue
nothing hapened
So when ts script works,i think is better to set him on task scheduler to run automatically everytime when vps restarts
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 41889215
Look at the event log. If those attempts registered there, then ts_block will react.

If the login attempts are not registered in the event log as failures, then nothing will happen.

To test, open Remote Desktop Connection from another computer and use a bad password a few times,
0
 

Author Comment

by:john lambert
ID: 41889234
i don't  have acces to gpedit.msc and i dont have acces to see this:
I can try on my other vps but what's the point if I can't run it on any vps

EasyCapture1.jpg
0
 

Author Comment

by:john lambert
ID: 41889457
EasyCapture1.jpg
0
 

Author Comment

by:john lambert
ID: 41889460
i tried on other rdp and doesn't work,dones't matter thanks anyway i will find another solution
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 41889679
Is that machine a Windows Home machine? That's the only reason why gpedit would not work.

Cause in that case, forget about wail2ban or whatever script, as Windows Home is seriously lacking in security features.
0
 

Author Closing Comment

by:john lambert
ID: 41890956
thanks.....
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently Microsoft released a brand new function called CONCAT. It's supposed to replace its predecessor CONCATENATE. But how does it work? And what's new? In this article, we take a closer look at all of this - we even included an exercise file for…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question