Teamspeak 3 Fail2Ban Filter

Status
Not open for further replies.
Bluscream

Bluscream

Retired Staff
Contributor
May 8, 2015
967
934
211
All credits go to shawly. c/p'ed from here

Hi,

I just wanted to share my Fail2Ban filter which bans failed server query login attempts. This is useful if you use the default teamspeak ports and have all query ips whitelisted. This is of course not necessary if you have restricted the access to the query login with your query whitelist.
I also know that the query automatically bans an IP that had 3 failed login attempts, but this could also be expanded more to filter out other attacks or people that connect and disconnect randomly, so I'm just sharing it, maybe someone will have some use for this.

Save this code to /etc/fail2ban/filter.d/teamspeak.conf
Code: 
[INCLUDES]

before = common.conf

[Definition]

failregex = .*query from .* <HOST>:.* attempted to login with account.*

ignoreregex =

And save this to your /etc/fail2ban/jail.local
Code: 
[teamspeak]
enabled = true
port = 2008,2010,9987,10011,30033,41144
filter = teamspeak
logpath = /home/teamspeak/log/server/ts3server_*.log
maxretry = 3
bantime = 86400
findtime = 7800
action = iptables-multiport[name="teamspeak", port="2008,2010,9987,10011,30033,41144"]

You obviously have to change the path to your teamspeak log dir and if you don't use the default ports, you also have to change the ports or add ports when you have multiple servers.

You also can adjust the bantime and the maxretry, currently the bantime is one day after three failed login attempts.
 
D

DarkSun

Member
May 1, 2016
9
0
35
This topic is so old and I know it, But I wanted to know, is there a way to make my teamspeak ddos protected using fail2ban ?
 
MrWolf

MrWolf

Retired Staff
Contributor
Dec 27, 2016
475
263
112
Thats useful, in the times that long passwords can be broken in minutes thats the save.
 
iElevateX

iElevateX

Member
Mar 25, 2017
45
7
46
DarkSun said:
This topic is so old and I know it, But I wanted to know, is there a way to make my teamspeak ddos protected using fail2ban ?
Click to expand...
No server can be protected from ddos attacks. There's always a way for either crashing it or ddosing it, its just a matter of your knowledge.

If we think logically, you can. Well, the script bans failed server query login attempts, you could modify it, so in case of a very popular flood attack, it would automatically ban them.
 
D

DarkSun

Member
May 1, 2016
9
0
35
demonekxlolek said:
No server can be protected from ddos attacks. There's always a way for either crashing it or ddosing it, its just a matter of your knowledge.

If we think logically, you can. Well, the script bans failed server query login attempts, you could modify it, so in case of a very popular flood attack, it would automatically ban them.
Click to expand...
Well, I know there is no way to protect your server from 100% of ddos attacks, I mean I need something to protect my server from small ddos attacks, like when some noobie just starts to attack my server with a single server..
Thanks for your reply <3
 
Status
Not open for further replies.
Top