28
Apr 10

howto: tweet banned IPs from fail2ban

since i banged my head on this for a couple of days, i thought i’d share my solution.

if you’re running a server, you really should do something to keep brute-force SSH attacks from slowing it down, and potentially compromising your server. for this, i use fail2ban

fail2ban allows one to trigger certain actions when an IP is banned. i wanted to tweet those IPs, so their ISPs could be publicly shamed. i do this at http://twitter.com/bannedIPs/

it’s well known how to tweet from the command line:

curl -u username:mypassword -d status="Status Message" http://twitter.com/statuses/update.xml

so, i put this into a file “tweet.conf” in /etc/fail2ban/actions.d:

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = echo "status=<ip>" | curl -u USERNAME:PASSWORD -d @- http://twitter.com/statuses/update.xml
actionunban =

and the following in /etc/fail2ban/jail.conf:

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
tweet[name=SSH]
logpath = /var/log/secure
maxretry = 3
bantime = 86400

(note the “action” is just “tweet” without the trailing “.conf”)


26
Apr 10

six months down, seventeen and…

six months down, seventeen and a half years to go.


24
Apr 10

Looking forward to @tiftmerrit…

Looking forward to @tiftmerritt concert tonight at @ncmaopen. Hope we don’t get rained out.


23
Apr 10

RT @Ihnatko: iPhone hacked to …

RT @Ihnatko: iPhone hacked to DUAL BOOT Android!!! Buy that man an Outback Steak House gift card! » http://bit.ly/aDmciz


16
Apr 10

wow. you tweet something derog…

wow. you tweet something derogatory about SEO asshats, and a bunch of their bots automatically follow you!


14
Apr 10

The next time you try to scam …

The next time you try to scam somebody, 206-259-6112, make sure to block caller id. And try not to sound like you’re twelve.


14
Apr 10

re:london: http://derad.typepa…

re:london: http://derad.typepad.com/onlinecrimebytes/2009/04/help-im-stuck-in-london-and-ive-been-robbed.html


14
Apr 10

people i’ve emailed once in my…

people i’ve emailed once in my life: i’m not planning a trip to London, where i will subsequently get robbed and email you to ask for money.


11
Apr 10

Daddy must remember not to ref…

Daddy must remember not to refer to himself in the third person when talking to adults. Yes he does.


10
Apr 10

Wow. That was remarkably fast….

Wow. That was remarkably fast. I’m totally sick of Guy Fieri already.