<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello Colin</p>
<p>there were some posts about DFix2/APF around May 5-6 in this list,
read what happened there...</p>
<p>I was running APF, Dfix2 and Fail2ban on my servers, but I turned
Dfix2 off because it is too fussy with users who entered a false
password (e.g. connecting an old device or setting up a new one,
at the Internet Café etc.); one's connection is already banned by
Dfix2 after two attempts.</p>
<pre>less /etc/apf/deny_hosts.rules
# added 83.76.86.xxx on 12/04/18 12:09:33 with comment: dFixblock2
83.76.86.xxx</pre>
<p>Dfix2 is very compelling, but just too strict. And since I
couldn't find out how to edit the rules in <tt>/etc/sec</tt>, I
turned it off, keeping APF and Fail2ban only.</p>
<p>No problems anymore. Until the next hack?:-(<br>
</p>
<p>Best regards<br>
</p>
<table cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
<td rowspan="2" style="font-family:monospace;
font-size:85%;letter-spacing:-0.1em;" width="20"
valign="top"><span style="font-size:95%;">_⌢_</span><br>
'¿')<br>
`-´</td>
<td> Meaulnes Legler</td>
</tr>
<tr>
<td valign="top">
<p style="font-size:85%;"> Zurich, Switzerland</p>
</td>
</tr>
<tr>
<td colspan="2">
<p>+41¦0 44 260 16 60</p>
</td>
</tr>
</tbody>
</table>
<br>
<div class="moz-cite-prefix">On 26.05.19 09:16, Colin Jack wrote:<br>
</div>
<blockquote type="cite"
cite="mid:4034B86F-99DD-4CB4-AF9E-D817F86990C0@mainline.co.uk">
<div class="WordSection1">
<p class="MsoNormal">Hi Greg,<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:36.0pt">Hi Colin. <o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt">Look at
/var/log/sec for anything that might indicate if it was dFix
that blocked. If you see something there, we can tune to
prevent that happening again.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt">GK<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I did grep the log for the BX IPs but
no result.<o:p></o:p></p>
<p class="MsoNormal">It is very weird – but I do like to run
DFix2/APF on all my VPS and this is the only one doing
strange stuff.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I will have another look and see if I
can locate anything.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Colin<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal" style="margin-left:36.0pt">On 23
May 2019, at 3:27 am, Colin Jack &lt;<a
href="mailto:colin@mainline.co.uk"
moz-do-not-send="true">colin@mainline.co.uk</a>&gt;
wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-left:36.0pt"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US">I have a problem with one 5209R VPS
that I cannot fathom.</span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US">I would be interested in some
feedback.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US"> </span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US">I am running DFix2 / APF and APF
appears to be blocking access to Blueonyx.it and
also the Letsencrypt servers.</span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US">The GUI cannot get BX News or the
shop.</span><span style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US">LE renewals fail.</span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US"> </span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US">I haven’t touched any of the rules.</span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US"> </span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US">If I flush iptables it all starts
working for a few hours.</span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US">If I disable APF it all works.</span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US"> </span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US">I have looked in iptables for the BX
IP but nothing.</span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US">Same with APF blacklist. Not listed.</span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US"> </span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US">I run DFix2 / APF on all my servers
and don’t have a problem - except on this one.</span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US"> </span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US">Any thoughts (Michael/Greg)?</span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US"> </span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US">I have tried removing APF and
re-installing without any luck.</span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US"> </span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US">Regards</span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US"> </span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US">Colin</span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US"> </span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
lang="EN-US"> </span><span
style="font-size:12.0pt"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-left:36.0pt"><span
style="font-size:9.0pt;font-family:Helvetica">_______________________________________________<br>
Blueonyx mailing list<br>
</span><a href="mailto:Blueonyx@mail.blueonyx.it"
moz-do-not-send="true"><span
style="font-size:9.0pt;font-family:Helvetica;color:#954F72">Blueonyx@mail.blueonyx.it</span></a><span
style="font-size:9.0pt;font-family:Helvetica"><br>
</span><a
href="http://mail.blueonyx.it/mailman/listinfo/blueonyx"
moz-do-not-send="true"><span
style="font-size:9.0pt;font-family:Helvetica;color:#954F72">http://mail.blueonyx.it/mailman/listinfo/blueonyx</span></a><o:p></o:p></p>
</div>
</blockquote>
</div>
<p class="MsoNormal" style="margin-left:36.0pt"><o:p> </o:p></p>
</div>
</div>
<br>
</blockquote>
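<p>Added example, not part of the original messages and not code from the DFix2 or APF projects: a grep for one exact IP does not match a range entry that covers it, so this Python script parses the <tt>deny_hosts.rules</tt> header format shown in the excerpt above and reports every entry that contains a given address, with the header comment that says who added it. The sample rules, the documentation-range addresses and the function names are constructed, and the presence of CIDR entries in the file is an assumption.</p>
<pre>
```python
import ipaddress
import re

# Header format as shown in the thread's deny_hosts.rules excerpt.
HEADER = re.compile(r"^# added (\S+) on (\S+ \S+) with comment: (.*)$")

# Constructed sample; addresses come from documentation ranges. The last
# line stands in for any rule that is not a plain address or range.
SAMPLE_RULES = """\
# added 203.0.113.7 on 12/04/18 12:09:33 with comment: dFixblock2
203.0.113.7
# added 198.51.100.0/24 on 05/05/19 03:14:00 with comment: manual range block
198.51.100.0/24
tcp:in:d=22:s=192.0.2.10
"""

def parse_rules(text):
    """Return a list of (network, added_on, comment), one per deny entry."""
    entries, meta = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            meta[m.group(1)] = (m.group(2), m.group(3))
            continue
        if not line or line.startswith("#"):
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            continue  # not a plain IP or CIDR entry: out of scope here
        added_on, comment = meta.get(line, (None, None))
        entries.append((net, added_on, comment))
    return entries

def find_blocks(ip, entries):
    """Every entry whose network contains ip: exact host or covering range."""
    addr = ipaddress.ip_address(ip)
    return [e for e in entries if addr in e[0]]

def added_by_dfix(entry):
    """True when the header comment carries the dFixblock tag seen above."""
    return bool(entry[2]) and "dfixblock" in entry[2].lower()

if __name__ == "__main__":
    entries = parse_rules(SAMPLE_RULES)
    for ip in ("203.0.113.7", "198.51.100.42", "192.0.2.99"):
        for net, when, comment in find_blocks(ip, entries):
            print(ip, "denied by", net, "added", when, "-", comment)
```
</pre>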
</body>
</html>