Solved

how to use wail2ban ??

Posted on 2016-11-15
13
215 Views
Last Modified: 2016-11-16
I have a vps and i want to use a fail ban, so i found this link:
https://github.com/glasnt/wail2ban/blob/master/README.md

Open in new window

It says to click on start_wail2ban.bat and that's all but nothing hapening

I also tried this to ban after 5 attemps,but nothing hapening what to do?
thank you

https://wqweto.wordpress.com/2013/12/10/how-to-use-fail2ban-with-terminal-servers-rdsh-farm/

Open in new window

0
Comment
Question by:john lambert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41889123
>> click on start_wail2ban.bat and that's all but nothing hapening

Nothing should happen. [Wf]ail2ban will stay in the background and monitor the logs. If someone fails a password 5 times in 2 minutes, it will create a rule in the firewall to block that someone's IP.

From the manual: If you want a report, search the main wail2ban.ps1 script for the call to wail2ban_htmlgen.ps1, and enable it (remove the comment)

HTH,
Dan
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41889124
BTW, if all you want is to block password attacks, use ts_block:
https://github.com/EvanAnderson/ts_block
0
 

Author Comment

by:john lambert
ID: 41889171
Dear Dan craciun u said nothing hapening becouse run in backround.I made a test before posting this question,99 processes were before and 99 after i click on start_wail2ban.bat, more than that I attacked with more then 600 failed attempts and nothing hapened,,ok now i will try and make a new test,let's see
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41889182
>>I attacked with more then 600 failed attempts and nothing happened
Look in the firewall and check for new rules.

I've never used wail2ban, but ts_block will run in cmd window and you will see there when it has blocked/unblocked an IP.
0
 

Author Comment

by:john lambert
ID: 41889185
I tried ts_block i copy to program files,firewall is Enable but i didn't set any rule there,i hope this script do that
thanks

untitled.JPG
0
 
LVL 35

Accepted Solution

by:
Dan Craciun earned 500 total points
ID: 41889188
You need to run ts_block with admin rights.
Open an administrative Command Prompt (click on start, type cmd, right click on Command prompt and choose "Run as administrator").

Then navigate to where the folder of ts_block is and run it like this:
cscript ts_block.vbs

 It does not need to be in Program Files. I keep it on the Desktop.

After you decide it works properly, you can install it as a service with the included msi. I try to keep my servers uncluttered so I run it from a command prompt.
0
 

Author Comment

by:john lambert
ID: 41889202
i did what u said:
untitled.JPG

then i atack the rdp:
IP:3389 (EID 73) Attempts: total 82 completed 82 supported 1
and the atack continue
nothing hapened
So when ts script works,i think is better to set him on task scheduler to run automatically everytime when vps restarts
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41889215
Look at the event log. If those attempts registered there, then ts_block will react.

If the login attempts are not registered in the event log as failures, then nothing will happen.

To test, open Remote Desktop Connection from another computer and use a bad password a few times,
0
 

Author Comment

by:john lambert
ID: 41889234
i don't  have acces to gpedit.msc and i dont have acces to see this:
I can try on my other vps but what's the point if I can't run it on any vps

EasyCapture1.jpg
0
 

Author Comment

by:john lambert
ID: 41889457
EasyCapture1.jpg
0
 

Author Comment

by:john lambert
ID: 41889460
i tried on other rdp and doesn't work,dones't matter thanks anyway i will find another solution
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41889679
Is that machine a Windows Home machine? That's the only reason why gpedit would not work.

Cause in that case, forget about wail2ban or whatever script, as Windows Home is seriously lacking in security features.
0
 

Author Closing Comment

by:john lambert
ID: 41890956
thanks.....
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IPC$ Password 13 47
Way to transfer 29 62
Windows Server 2003 2 42
Where to download free Microsoft ISO's 4 17
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question