[BlueOnyx:22924] Re: APF mystery - blocking BlueOnyx

Meaulnes Legler @ MailList bluelist at waveweb.ch
Mon May 27 02:25:14 -05 2019


Hello Colin

There were some posts about DFix2/APF around May 5-6 on this list; read what happened there...

I was running APF, DFix2 and Fail2ban on my servers, but I turned DFix2 off because it is too fussy with users who enter a wrong password (e.g. when connecting an old device or setting up a new one, at the Internet café etc.): one's connection is banned by DFix2 after only two attempts.

less /etc/apf/deny_hosts.rules
# added 83.76.86.xxx on 12/04/18 12:09:33 with comment: dFixblock2
83.76.86.xxx

DFix2 is very compelling, but just too strict. And since I couldn't find out how to edit the rules in /etc/sec, I turned it off, keeping only APF and Fail2ban.

No problems anymore. Until the next hack? :-(

Best regards

_⌢_
'¿')
`-´ 	 Meaulnes Legler

  Zurich, Switzerland

+41¦0 44 260 16 60


On 26.05.19 09:16, Colin Jack wrote:
>
> Hi Greg,
>
> Hi Colin.
>
> Look at /var/log/sec for anything that might indicate if it was dFix that blocked. If you see something there, we can tune to prevent that happening again.
>
> GK
>
> I did grep the log for the BX IPs but no result.
>
> It is very weird – but I do like to run DFix2/APF on all my VPS and this is the only one doing strange stuff.
>
> I will have another look and see if I can locate anything.
>
> Thanks
>
> Colin
>
>     On 23 May 2019, at 3:27 am, Colin Jack <colin at mainline.co.uk> wrote:
>
>     I have a problem with one 5209R VPS that I cannot fathom.
>
>     I would be interested in some feedback.
>
>     I am running DFix2 / APF and APF appears to be blocking access to Blueonyx.it and also the Letsencrypt servers.
>
>     The GUI cannot get BX News or the shop.
>
>     LE renewals fail.
>
>     I haven’t touched any of the rules.
>
>     If I flush iptables it all starts working for a few hours.
>
>     If I disable APF it all works.
>
>     I have looked in iptables for the BX IP but nothing.
>
>     Same with APF blacklist. Not listed.
>
>     I run DFix2 / APF on all my servers and don’t have a problem - except on this one.
>
>     Any thoughts (Michael/Greg)?
>
>     I have tried removing APF and re-installing without any luck.
>
>     Regards
>
>     Colin
>
>     _______________________________________________
>     Blueonyx mailing list
>     Blueonyx at mail.blueonyx.it
>     http://mail.blueonyx.it/mailman/listinfo/blueonyx
>
>
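Added example (not part of the original posts, and not BlueOnyx, APF or DFix2 code): a literal grep for one address in /etc/apf/deny_hosts.rules finds nothing when the block is a range that merely contains that address, so this sketch matches an IP against every entry and reports the "added ... with comment" line shown in the listing above. It assumes entries may be CIDR ranges as well as single addresses; the function name find_blocks and the sample data are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout shown in the post
# (documentation-range addresses, not real hosts).
SAMPLE_RULES = """\
# added 203.0.113.45 on 12/04/18 12:09:33 with comment: dFixblock2
203.0.113.45
# added 198.51.100.0/24 on 05/20/19 03:14:07 with comment: manual range
198.51.100.0/24
# a note that does not follow the "added" layout
not-an-address
192.0.2.7
"""

ADDED_RE = re.compile(r"^#\s*added\s+(\S+)\s+on\s+(.+?)\s+with comment:\s*(.*)$")


def find_blocks(rules_text, ip):
    """Return the deny entries that cover `ip`, with who/when metadata if present."""
    target = ipaddress.ip_address(ip)
    hits, meta = [], None
    for lineno, raw in enumerate(rules_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            m = ADDED_RE.match(line)
            meta = m.groups() if m else None  # remember for the next entry
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:  # not a plain address or CIDR: skip, do not abort
            meta = None
            continue
        if target.version == net.version and target in net:
            when, comment = meta[1:] if meta and meta[0] == line else (None, None)
            hits.append({"line": lineno, "entry": line, "added": when, "comment": comment})
        meta = None
    return hits


if __name__ == "__main__":
    import sys
    with open("/etc/apf/deny_hosts.rules") as fh:
        for hit in find_blocks(fh.read(), sys.argv[1]):
            print(hit)
```

A hit whose comment is dFixblock2 points at DFix2 as the source of the block; a hit with no comment was written by something else.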