Hi @virmix can you share the source for the IPBan.exe only ? Like the first post in this thread I was customizing Log type and reading for locating the failed login attempts, and wish to customize the logic if possible.
Would be much appreciated.
Automatically Add Hackers to Firewall Block Rule
Re: Automatically Add Hackers to Firewall Block Rule
Sorry , the code is not a copy of original post , use an other old source code.
If you need any change I can change it for you.
The new version have new log information, like rule name and customer failed before fan.
See file .config for example the Group MySql:
That rule block ip if fail more of 2 login and block if one login fail and use username root or admin.
The new node was : Name,FailedBeforeBan,RegexUser
Code: Select all
<Group>
<Name>MySQL</Name>
<Keywords>0x80000000000000</Keywords>
<Path>Application</Path>
<FailedBeforeBan>2</FailedBeforeBan>
<Expressions>
<Expression>
<XPath>//Provider[@Name='MySQL']</XPath>
<Regex></Regex>
</Expression>
<Expression>
<XPath>//Data</XPath>
<Regex>
<![CDATA[
Access denied for user .*?'@'(?<ipaddress>.*?)'
]]>
</Regex>
<RegexUser>'root','admin'</RegexUser>
</Expression>
</Expressions>
</Group>
Code: Select all
<add key="FailedLoginAttemptsBeforeBan" value="4" />
Re: Automatically Add Hackers to Firewall Block Rule
Thank you for the reply @virmix
I did modify a very old VB code to C# long time ago, and added Daily Email Summary at end of the day to keep an eye on
- List of IPs blocked today
- How many times each IP attempted to login
like 1.2.3.4 5 attempts
This would then give me an idea of attacks on the mailserver whether its targeted or pinging.
I did add the IPs to mailenable Deny tab file via the API and noticed most of the times it returns Success as added but does not add the IP, which I had to go back and add manually.
Not sure what got changed since then, but if you can add such a feature or share the script I can make these changes.
I did modify a very old VB code to C# long time ago, and added Daily Email Summary at end of the day to keep an eye on
- List of IPs blocked today
- How many times each IP attempted to login
like 1.2.3.4 5 attempts
This would then give me an idea of attacks on the mailserver whether its targeted or pinging.
I did add the IPs to mailenable Deny tab file via the API and noticed most of the times it returns Success as added but does not add the IP, which I had to go back and add manually.
Not sure what got changed since then, but if you can add such a feature or share the script I can make these changes.
Re: Automatically Add Hackers to Firewall Block Rule
Change the param 0 to 1 in config file
<add key="log" value="1"/>
See if folder LOGS exists. Inside you can see all IP Blocked and the rule (every day)
<add key="logsubfolder" value="LOGS"/>
It is possible you can se the IP bocked into firewall base you can check the right rule. For example the app create a separate rule for any service (SMTP, IMAP, POP, FTP) and others for Country IP and Possible BOT.
<add key="enableSMTP-Port" value="25,993,587"/>
<add key="enableIMAP-Port" value="143,993"/>
<add key="enablePOP-Port" value="110,995"/>
<add key="enableFTP-Port" value="21"/>
<add key="black_list_country" value="CN,KZ,IN,RU"/>
Use the app Firewall Manager to check easy every rule and get List of IP (click into colum NIP)
<add key="log" value="1"/>
See if folder LOGS exists. Inside you can see all IP Blocked and the rule (every day)
<add key="logsubfolder" value="LOGS"/>
It is possible you can se the IP bocked into firewall base you can check the right rule. For example the app create a separate rule for any service (SMTP, IMAP, POP, FTP) and others for Country IP and Possible BOT.
<add key="enableSMTP-Port" value="25,993,587"/>
<add key="enableIMAP-Port" value="143,993"/>
<add key="enablePOP-Port" value="110,995"/>
<add key="enableFTP-Port" value="21"/>
<add key="black_list_country" value="CN,KZ,IN,RU"/>
Use the app Firewall Manager to check easy every rule and get List of IP (click into colum NIP)
Re: Automatically Add Hackers to Firewall Block Rule
I downloaded IPBan and notice that is only added 1 IP in 2 weeks while in mailenalbe I see many IP blocked is there any way to have it add those to the windows firewall. Or does someone have a solution please
Re: Automatically Add Hackers to Firewall Block Rule
Can you send us the link to your new software pleaseakeilox wrote: ↑Mon Aug 19, 2019 8:55 amHi Consulteware
I have just stumbled on your post, are you adding the IPs to the DENY tab file or to windows firewall?
Can you share a bit more on how application works, and will you be sharing the application with the community? I'm running Standard version, and interested to give it a spin.
My ultimate goal was to check the Ips against AbuseIpDb and add them to windows firewall if they were listed there before, like in https://www.hmailserver.com/forum/viewtopic.php?t=32739
But was not sure how to go about it. Your implementation looks good.
Consulteware wrote: ↑Fri Aug 16, 2019 6:00 pmIs this what everybody needs?
Soon it Will be available the application to work with.
Re: Automatically Add Hackers to Firewall Block Rule
For those with this problem, another option that might be worth investigating - https://itefix.net/win2ban or https://github.com/DigitalRuby/IPBan
I am yet to use/trial this and would appreciate any comments from those who know more than me. IPBan seems OK.
Update: IPBan is already configured for Mailenable SMTP logging - see ipban.config. Sorry about duplicate
I am yet to use/trial this and would appreciate any comments from those who know more than me. IPBan seems OK.
Update: IPBan is already configured for Mailenable SMTP logging - see ipban.config. Sorry about duplicate
Re: Automatically Add Hackers to Firewall Block Rule
I create a new extension for Plesk.
More info : https://www.mailenable.com/forum/viewtopic.php?f=5&t=44704
- Manage Windows Firewall (Auto Prevention SMTP,POP,IMAP, FTP,MySql,MariaDb,RDP....)
- Can Block Country IP range
- Can Block Country Company by ASN
- Plugin for use Windows Defender in MailEnable as Antivirus
- Plugin Advanced AntiSpam in MailEnable
- Manage CloudFlare Firewall Rules and Settings
- Manage CloudFlare DNS from Plesk
- Manage MailEnable SMTP, POP blocked list
- Advanced MailEnable Settings by each version Edition
More info : https://www.mailenable.com/forum/viewtopic.php?f=5&t=44704
- Manage Windows Firewall (Auto Prevention SMTP,POP,IMAP, FTP,MySql,MariaDb,RDP....)
- Can Block Country IP range
- Can Block Country Company by ASN
- Plugin for use Windows Defender in MailEnable as Antivirus
- Plugin Advanced AntiSpam in MailEnable
- Manage CloudFlare Firewall Rules and Settings
- Manage CloudFlare DNS from Plesk
- Manage MailEnable SMTP, POP blocked list
- Advanced MailEnable Settings by each version Edition