Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Merits 6 from 1 user
Re: Why? Because fuck u, thats why: version 70002 , blocks=
by
waspoza
on 05/03/2016, 00:53:41 UTC
⭐ Merited by ABCbits (6)
Quote from: fubly on March 04, 2016, 08:35:03 PM
can any one post an fail2ban jail for that?

Good idea. Instructions how to make one:

First make sure that you have logips=1 in your bitcoin.conf, otherwise it won't work. Need to restart bitcoind after this change.

In /etc/fail2ban/jail.local add following at the end of file:
Code:
[bitcoin]

enabled = true
port    = 8333
filter  = bitcoin
logpath = /home/bitcoin/.bitcoin/debug.log
maxretry = 0
bantime = 2592000
findtime = 2592000
Make sure logpath is pointing to the right place. I set bantime for 1 month, adjust to your liking.

Create file /etc/fail2ban/filter.d/bitcoin.conf and put following inside:
Code:
# Fail2Ban configuration file for bitcoin
#
[Definition]
failregex = .*receive version message: Why\? Because fuck u.*peeraddr=:.*
ignoreregex =

fail2ban-client reload should add new jail, check /var/log/fail2ban.log for errors.

fail2ban-client status should show bitcoin jail:
Code:
Status
|- Number of jail:      2
`- Jail list:           ssh, bitcoin

And fail2ban-client status bitcoin should show something like this:
Code:
Status for the jail: bitcoin
|- filter
|  |- File list:        /home/bitcoin/.bitcoin/debug.log
|  |- Currently failed: 0
|  `- Total failed:     16
`- action
   |- Currently banned: 16
   |  `- IP list:       77.34.27.96 95.53.51.198 176.50.123.107 178.64.113.245 93.120.208.183 77.82.86.29 5.199.198.144 77.40.25.121 178.35.111.80 37.23.153.174 178.67.71.3 95.129.179.54 92.37.141.207 176.50.198.19 37.78.17.90 95.70.82.79
   `- Total banned:     16

Enjoy!  Grin