Replies: 1 comment
-
That are a bit contradicting statements, don't they? :)
Well, by default filter fail2ban/config/filter.d/botsearch-common.conf Lines 6 to 14 in 5093ff8 which may be not "optimal" for your purposes (due to crossing with some service/URI listing there). Also note that this values are defaults and it can (or even must) be overwritten within your .local file(s). Anyway, neither it is obvious what exactly was wrong in your case without to consider the log-line causing a failure (provide an example), nor it is possible to predict any constellation which could cause a misleading finding. The usage of such filters is not advisable, at least unless you know what you do or you cannot guarantee that such URIs will be invoked from your services.
I don't think it is somehow related to us, since fail2ban is just a tool and as any other tool should be properly configured. |
Beta Was this translation helpful? Give feedback.
-
Hi All,
I have recently started using HomeAssistant after a long break and am starting to setup the services. I also run malware protection on my network which has started reporting HomeAssistant trying to access a malicious URL. After checking various logs I find that my router had an entry for 79.138.10.109 at the correct time, which is being reported as malicious on several lists. The site [https://www.abuseipdb.com/] has some reports suggesting it is related to nginx-botsearch jail.
The fact that it has been blocked on my network is not an issue as I can easily unblock it but wanted to bring this to your attention in case this is related to you as it could affect others and if it is not doing anything malicious, you can see if you can get it removed from the blacklists.
Beta Was this translation helpful? Give feedback.
All reactions