Solved

how to use wail2ban ??

Posted on 2016-11-15
13
277 Views
Last Modified: 2016-11-16
I have a vps and i want to use a fail ban, so i found this link:
https://github.com/glasnt/wail2ban/blob/master/README.md

Open in new window

It says to click on start_wail2ban.bat and that's all but nothing hapening

I also tried this to ban after 5 attemps,but nothing hapening what to do?
thank you

https://wqweto.wordpress.com/2013/12/10/how-to-use-fail2ban-with-terminal-servers-rdsh-farm/

Open in new window

0
Comment
Question by:john lambert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41889123
>> click on start_wail2ban.bat and that's all but nothing hapening

Nothing should happen. [Wf]ail2ban will stay in the background and monitor the logs. If someone fails a password 5 times in 2 minutes, it will create a rule in the firewall to block that someone's IP.

From the manual: If you want a report, search the main wail2ban.ps1 script for the call to wail2ban_htmlgen.ps1, and enable it (remove the comment)

HTH,
Dan
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41889124
BTW, if all you want is to block password attacks, use ts_block:
https://github.com/EvanAnderson/ts_block
0
 

Author Comment

by:john lambert
ID: 41889171
Dear Dan craciun u said nothing hapening becouse run in backround.I made a test before posting this question,99 processes were before and 99 after i click on start_wail2ban.bat, more than that I attacked with more then 600 failed attempts and nothing hapened,,ok now i will try and make a new test,let's see
0
WordPress Tutorial 4: Recommended Plugins

Now that you have WordPress installed, understand the interface, and know how to install new parts, let’s take a look at our recommended plugins.

 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41889182
>>I attacked with more then 600 failed attempts and nothing happened
Look in the firewall and check for new rules.

I've never used wail2ban, but ts_block will run in cmd window and you will see there when it has blocked/unblocked an IP.
0
 

Author Comment

by:john lambert
ID: 41889185
I tried ts_block i copy to program files,firewall is Enable but i didn't set any rule there,i hope this script do that
thanks

untitled.JPG
0
 
LVL 35

Accepted Solution

by:
Dan Craciun earned 500 total points
ID: 41889188
You need to run ts_block with admin rights.
Open an administrative Command Prompt (click on start, type cmd, right click on Command prompt and choose "Run as administrator").

Then navigate to where the folder of ts_block is and run it like this:
cscript ts_block.vbs

 It does not need to be in Program Files. I keep it on the Desktop.

After you decide it works properly, you can install it as a service with the included msi. I try to keep my servers uncluttered so I run it from a command prompt.
0
 

Author Comment

by:john lambert
ID: 41889202
i did what u said:
untitled.JPG

then i atack the rdp:
IP:3389 (EID 73) Attempts: total 82 completed 82 supported 1
and the atack continue
nothing hapened
So when ts script works,i think is better to set him on task scheduler to run automatically everytime when vps restarts
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41889215
Look at the event log. If those attempts registered there, then ts_block will react.

If the login attempts are not registered in the event log as failures, then nothing will happen.

To test, open Remote Desktop Connection from another computer and use a bad password a few times,
0
 

Author Comment

by:john lambert
ID: 41889234
i don't  have acces to gpedit.msc and i dont have acces to see this:
I can try on my other vps but what's the point if I can't run it on any vps

EasyCapture1.jpg
0
 

Author Comment

by:john lambert
ID: 41889457
EasyCapture1.jpg
0
 

Author Comment

by:john lambert
ID: 41889460
i tried on other rdp and doesn't work,dones't matter thanks anyway i will find another solution
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41889679
Is that machine a Windows Home machine? That's the only reason why gpedit would not work.

Cause in that case, forget about wail2ban or whatever script, as Windows Home is seriously lacking in security features.
0
 

Author Closing Comment

by:john lambert
ID: 41890956
thanks.....
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question