Solved

how to use wail2ban ??

Posted on 2016-11-15
13
81 Views
Last Modified: 2016-11-16
I have a vps and i want to use a fail ban, so i found this link:
https://github.com/glasnt/wail2ban/blob/master/README.md

Open in new window

It says to click on start_wail2ban.bat and that's all but nothing hapening

I also tried this to ban after 5 attemps,but nothing hapening what to do?
thank you

https://wqweto.wordpress.com/2013/12/10/how-to-use-fail2ban-with-terminal-servers-rdsh-farm/

Open in new window

0
Comment
Question by:john lambert
  • 7
  • 6
13 Comments
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 41889123
>> click on start_wail2ban.bat and that's all but nothing hapening

Nothing should happen. [Wf]ail2ban will stay in the background and monitor the logs. If someone fails a password 5 times in 2 minutes, it will create a rule in the firewall to block that someone's IP.

From the manual: If you want a report, search the main wail2ban.ps1 script for the call to wail2ban_htmlgen.ps1, and enable it (remove the comment)

HTH,
Dan
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 41889124
BTW, if all you want is to block password attacks, use ts_block:
https://github.com/EvanAnderson/ts_block
0
 

Author Comment

by:john lambert
ID: 41889171
Dear Dan craciun u said nothing hapening becouse run in backround.I made a test before posting this question,99 processes were before and 99 after i click on start_wail2ban.bat, more than that I attacked with more then 600 failed attempts and nothing hapened,,ok now i will try and make a new test,let's see
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 41889182
>>I attacked with more then 600 failed attempts and nothing happened
Look in the firewall and check for new rules.

I've never used wail2ban, but ts_block will run in cmd window and you will see there when it has blocked/unblocked an IP.
0
 

Author Comment

by:john lambert
ID: 41889185
I tried ts_block i copy to program files,firewall is Enable but i didn't set any rule there,i hope this script do that
thanks

untitled.JPG
0
 
LVL 34

Accepted Solution

by:
Dan Craciun earned 500 total points
ID: 41889188
You need to run ts_block with admin rights.
Open an administrative Command Prompt (click on start, type cmd, right click on Command prompt and choose "Run as administrator").

Then navigate to where the folder of ts_block is and run it like this:
cscript ts_block.vbs

 It does not need to be in Program Files. I keep it on the Desktop.

After you decide it works properly, you can install it as a service with the included msi. I try to keep my servers uncluttered so I run it from a command prompt.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:john lambert
ID: 41889202
i did what u said:
untitled.JPG

then i atack the rdp:
IP:3389 (EID 73) Attempts: total 82 completed 82 supported 1
and the atack continue
nothing hapened
So when ts script works,i think is better to set him on task scheduler to run automatically everytime when vps restarts
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 41889215
Look at the event log. If those attempts registered there, then ts_block will react.

If the login attempts are not registered in the event log as failures, then nothing will happen.

To test, open Remote Desktop Connection from another computer and use a bad password a few times,
0
 

Author Comment

by:john lambert
ID: 41889234
i don't  have acces to gpedit.msc and i dont have acces to see this:
I can try on my other vps but what's the point if I can't run it on any vps

EasyCapture1.jpg
0
 

Author Comment

by:john lambert
ID: 41889457
EasyCapture1.jpg
0
 

Author Comment

by:john lambert
ID: 41889460
i tried on other rdp and doesn't work,dones't matter thanks anyway i will find another solution
0
 
LVL 34

Expert Comment

by:Dan Craciun
ID: 41889679
Is that machine a Windows Home machine? That's the only reason why gpedit would not work.

Cause in that case, forget about wail2ban or whatever script, as Windows Home is seriously lacking in security features.
0
 

Author Closing Comment

by:john lambert
ID: 41890956
thanks.....
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
adobe acrobat scaning 9 49
Sharepoint 2010 Audit Logs 11 82
Problem to open text file 11 70
CMD BAT file script SET / Delayed Expansion issue in FOR/DO construct 4 28
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now