Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

how to use wail2ban ??

Posted on 2016-11-15
13
Medium Priority
?
424 Views
Last Modified: 2016-11-16
I have a vps and i want to use a fail ban, so i found this link:
https://github.com/glasnt/wail2ban/blob/master/README.md

Open in new window

It says to click on start_wail2ban.bat and that's all but nothing hapening

I also tried this to ban after 5 attemps,but nothing hapening what to do?
thank you

https://wqweto.wordpress.com/2013/12/10/how-to-use-fail2ban-with-terminal-servers-rdsh-farm/

Open in new window

0
Comment
Question by:john lambert
  • 7
  • 6
13 Comments
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41889123
>> click on start_wail2ban.bat and that's all but nothing hapening

Nothing should happen. [Wf]ail2ban will stay in the background and monitor the logs. If someone fails a password 5 times in 2 minutes, it will create a rule in the firewall to block that someone's IP.

From the manual: If you want a report, search the main wail2ban.ps1 script for the call to wail2ban_htmlgen.ps1, and enable it (remove the comment)

HTH,
Dan
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41889124
BTW, if all you want is to block password attacks, use ts_block:
https://github.com/EvanAnderson/ts_block
0
 

Author Comment

by:john lambert
ID: 41889171
Dear Dan craciun u said nothing hapening becouse run in backround.I made a test before posting this question,99 processes were before and 99 after i click on start_wail2ban.bat, more than that I attacked with more then 600 failed attempts and nothing hapened,,ok now i will try and make a new test,let's see
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41889182
>>I attacked with more then 600 failed attempts and nothing happened
Look in the firewall and check for new rules.

I've never used wail2ban, but ts_block will run in cmd window and you will see there when it has blocked/unblocked an IP.
0
 

Author Comment

by:john lambert
ID: 41889185
I tried ts_block i copy to program files,firewall is Enable but i didn't set any rule there,i hope this script do that
thanks

untitled.JPG
0
 
LVL 35

Accepted Solution

by:
Dan Craciun earned 2000 total points
ID: 41889188
You need to run ts_block with admin rights.
Open an administrative Command Prompt (click on start, type cmd, right click on Command prompt and choose "Run as administrator").

Then navigate to where the folder of ts_block is and run it like this:
cscript ts_block.vbs

 It does not need to be in Program Files. I keep it on the Desktop.

After you decide it works properly, you can install it as a service with the included msi. I try to keep my servers uncluttered so I run it from a command prompt.
0
 

Author Comment

by:john lambert
ID: 41889202
i did what u said:
untitled.JPG

then i atack the rdp:
IP:3389 (EID 73) Attempts: total 82 completed 82 supported 1
and the atack continue
nothing hapened
So when ts script works,i think is better to set him on task scheduler to run automatically everytime when vps restarts
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41889215
Look at the event log. If those attempts registered there, then ts_block will react.

If the login attempts are not registered in the event log as failures, then nothing will happen.

To test, open Remote Desktop Connection from another computer and use a bad password a few times,
0
 

Author Comment

by:john lambert
ID: 41889234
i don't  have acces to gpedit.msc and i dont have acces to see this:
I can try on my other vps but what's the point if I can't run it on any vps

EasyCapture1.jpg
0
 

Author Comment

by:john lambert
ID: 41889457
EasyCapture1.jpg
0
 

Author Comment

by:john lambert
ID: 41889460
i tried on other rdp and doesn't work,dones't matter thanks anyway i will find another solution
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41889679
Is that machine a Windows Home machine? That's the only reason why gpedit would not work.

Cause in that case, forget about wail2ban or whatever script, as Windows Home is seriously lacking in security features.
0
 

Author Closing Comment

by:john lambert
ID: 41890956
thanks.....
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a fine trick which I've found useful many times, when you just don't want to accidentally run a batch script or the commands needs administrator rights.
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question