Some people out there apparently are of the opinion that it is a reasonable choice to use the ugly crutch that is "fail2ban" instead of deprecating password based authentication for ssh.
You're technically correct (the best kind) but I wanted to point out that Fail2Ban is a really useful tool for a lot of login protocols which are NOT SSH and which are still subject to frequent brute-force attempts. HTTP BASIC and IMAP(s) both come to mind as something I configure fail2ban to watch for me, neither of which have a strong key-based auth system to configure and disable passwords.
Still, configuring fail2ban to email people is really stupid. So I'll give you that with no argument.
On 2015-10-21 04:21, tor@as250.net wrote:
Dear yl,
just a few words from the abuse helpdesk of a larger tor-exit-node...
TL;DR: we ignore those requests. they don't even reach a human.
While we do handle most genuine/honest/helpful and especially all non-automated abuse reports very diligently. Pointless nagging services like webiron however are automatically rejected before they reach our abuse inbox. It seems that we are not the only ones who deem their mass mailings as spam, as evident from the spamhaus listing below:
Oct 20 03:34:54 mail smtpd: NOQUEUE: reject: RCPT from abuse-reporting.webiron.com[23.91.17.162]: 554 5.7.1 Service unavailable; Client host [23.91.17.162] blocked using sbl.spamhaus.org; http://www.spamhaus.org/sbl/query/SBLCSS [1]; from=###@abuse-reporting.webiron.com to=<abuse@###> proto=ESMTP helo=<abuse-reporting.webiron.com> Oct 20 03:34:54 mail smtpd: disconnect from abuse-reporting.webiron.com[23.91.17.162] Oct 20 19:49:51 mail postfix/smtpd: NOQUEUE: reject: RCPT from unknown[23.239.20.29]: 554 5.7.1 ###@abuse-reporting.webiron.com: Sender address rejected: Access denied; from=###@abuse-reporting.webiron.com to=<abuse@###> proto=ESMTP helo=<abuse-reporting.webiron.com>
We had similar problems with report@redsnitch.net and most notably with clean-mx.de which seems to be a confused single individual (Mr. Recher) sending out not very helpful mass mailings. Repeated contact attempts by mail and on his apparently 24/7 reachable mobile number (included in every of his mails) did not convince him to stop. If you also get these and are annoyed with that, try to give him a call, he seems to like feedback and was ok with getting a call at an odd time.
Also on our inbound-deny-list is a regex match for /^(.*)fail2ban(.*)$/ to a rather recent phenomenon. Some people out there apparently are of the opinion that it is a reasonable choice to use the ugly crutch that is "fail2ban" instead of deprecating password based authentication for ssh. To make things worse, these days this ill-conceived piece of software includes an option to advertise itself to other people. automatedly. via mail. *sigh*
Cheers _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays [2]
Links: ------ [1] http://www.spamhaus.org/sbl/query/SBLCSS [2] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays