Block unwanted users in CCcam (Fail2Ban)

Why is fail2ban useful function? You probably have unwanted users on your CCcam server. Some users can cause CCcam to crash and this can become very annoying. No one wants unstable CCcam!

If you want to see these users (if they exist), you need to add this line in CCcam.cfg:

LOG WARNINGS: /tmp/warnings.txt

Warnings.txt file can become quite large, so it is good idea to have it in tmp folder.

There are two solutions to block unwanted users

1. Block IP directly in your router. If you have router which supports Tomato firmware, find this section in your router webif —> Administration/Scripts/Firewall. Then add this line:

iptables -I FORWARD -d IP of user that is attacking you -j DROP

This only works if user has static IP (usually not). If user does not have static IP, there is another solution, but you need to be using Linux PC as CCcam server. Solution is called Fail2Ban!

If you use Fedora disto install Fail2Ban with this command: yum install fail2ban
If you use Ubuntu distro use: apt-get install fail2ban

Next command you need to use is (use telnet for this):

nano /etc/fail2ban/jail.conf
Look for these lines:
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
 ignoreip = #here you need to put addresses that will be ignored by fail2ban - add IPs of your receivers/clients at home!
 maxretry = 3

… and add these lines:

 enabled = true
 port = 12000 #port of your cccam server. I have 12333 for example.
 filter = cccam
 action = iptables[name=CCcam0, port=12000, protocol=tcp] #here you only need to change port to 12333 for example.
 logpath = /tmp/warnings.txt
 maxretry = 10
 bantime = 6000 #this is in seconds. User will be banned 6000 seconds.

Next command (use telnet):

nano /etc/fail2ban/filter.d/cccam.conf

Add this into cccam.conf file:

# Fail2Ban configuration file
 # Author: Cyril Jaquier
 # $Revision: 510 $
# Option: failregex
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "" can
 # be used for standard IP/hostname matching and is only an alias for
 # (?:::f{4,6}:)?(?PS+)
 # Values: TEXT
 failregex = Connection from IP: Login Failed!
# Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.
 # Values: TEXT
 ignoreregex =

Next command is:

/etc/init.d/fail2ban restart

Last command is:

chkconfig fail2ban on

Using this command, fail2ban will start automatically with system start.

Now all CCcam crash problems should be gone. If not, then you have other problems (problematic peer, bad RAM sticks, etc.) If you want to check which IPs are blocked, type this in putty using SSH or telnet:

iptables --list

Leave a comment  




Submit comment

CommentLuv badge

Powered by