[Eisfair] [E64]: bfb "No host name found" is not blocked.
Rolf Bensch
azubi at bensch-net.de
Sun Oct 8 14:17:09 CEST 2023
Hello everyone,
current attacks:
mail # grep -e 'no host name found' -e exim mainlog | tail -n 15
2023-10-08 11:23:41 no host name found for IP address 45.81.39.220
2023-10-08 11:57:23 no host name found for IP address 45.81.39.220
2023-10-08 11:57:36 no host name found for IP address 45.81.39.220
2023-10-08 12:10:29 no host name found for IP address 45.81.39.220
2023-10-08 12:10:42 no host name found for IP address 45.81.39.220
2023-10-08 12:44:14 no host name found for IP address 45.81.39.220
2023-10-08 12:44:31 no host name found for IP address 45.81.39.220
2023-10-08 12:57:43 no host name found for IP address 45.81.39.220
2023-10-08 12:57:59 no host name found for IP address 45.81.39.220
2023-10-08 12:59:56 no host name found for IP address 165.154.120.30
2023-10-08 12:59:57 no host name found for IP address 165.154.120.30
2023-10-08 13:00:15 no host name found for IP address 165.154.120.30
2023-10-08 13:07:41 exim 4.96.1 daemon started: pid=25866, -q30m, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) and for SMTPS on port 465 (IPv6 and IPv4)
2023-10-08 13:46:22 no host name found for IP address 91.223.169.88
2023-10-08 13:49:45 no host name found for IP address 45.81.39.220
... are not being blocked. BFB has also been restarted in the meantime:
Show Status:
/usr/sbin/service status brute_force_blocking
│● brute_force_blocking.service - Brute Force Blocking service
│ Loaded: loaded (/usr/lib/systemd/system/brute_force_blocking.service; static)
│ Active: active (exited) since Sun 2023-10-08 11:11:53 CEST; 2h 45min ago
│TriggeredBy: ● brute_force_blocking.timer │
│ Main PID: 311 (code=exited, status=0/SUCCESS)
│ Tasks: 2 (limit: 4915)
│ CPU: 15min 41.296s
│ CGroup: /system.slice/brute_force_blocking.service
│ ├─ 619 /bin/bash /brute_force_blocking/brute_force_blocking
│ └─13733 sleep 10
│
│Oct 08 13:57:35 mail initfile[13099]: /usr/bin/in.grep: warning: stray \ before :
│Oct 08 13:57:35 mail initfile[13099]: /usr/bin/in.grep: warning: stray \ before :
│Oct 08 13:57:35 mail initfile[13099]: /usr/bin/in.grep: warning: stray \ before :
│Oct 08 13:57:46 mail initfile[13662]: /usr/bin/in.grep: warning: stray \ before :
│Oct 08 13:57:46 mail initfile[13662]: /usr/bin/in.grep: warning: stray \ before :
│Oct 08 13:57:46 mail initfile[13662]: /usr/bin/in.grep: warning: stray \ before :
│Oct 08 13:57:46 mail initfile[13662]: /usr/bin/in.grep: warning: stray \ before :
│Oct 08 13:57:46 mail initfile[13662]: /usr/bin/in.grep: warning: stray \ before :
│Oct 08 13:57:46 mail initfile[13662]: /usr/bin/in.grep: warning: stray \ before :
│Oct 08 13:57:46 mail initfile[13662]: /usr/bin/in.grep: warning: stray \ before :
│Press ENTER to continue
Display blocked IP-Adresses:
blocked ip addresses
PROACTIVE-Block
BFB-Block
Press ENTER to continue
Display of attempted access per ip address:
Enter ip address
45.81.39.220
Insgesamt:
45.81.39.220 Anzahl: 6 Last used: 2023-10-07 reason: atma
aktuell geblockt:
45.81.39.220 Anzahl: 1 Last used: 2023-10-07 reason: block
Press ENTER to continue
Configuration:
BFB_USE_IPTABLES_NFTABLES = nftables
BFB_ATTACK_TIMES = 5
BFB_BLOCK_TYPE = REJECT
BFB_MAX_BLOCKING_TIME = yes
BFB_MAX_BLOCKING_TIME_MINUTES = 720
All packages have been updated. How can I solve the problem?
Regards
Rolf