I use fail2ban on some of my servers, along with the "jwhois" application (to automatically return whois info in the automated fail2ban emails I receive).
I noticed that 43.229.53.15 was coming back in my emails as follows:
[Querying whois.v6nic.net] [Unable to connect to remote host] missing whois program
This is because v6nic.net is defunct and has been taken over by a cybersquatter (discussion about this on the Red Hat Bugzilla). The whois server whois.apnic.net works adequately in its place.
The version of jwhois available from the epel repo for el6 (CentOS 6) is out of date:
jwhois.x86_64 4.0-19.el6 @base
rpmfind lists 4.0-43 for Fedora Core 24 as the latest version, but this isn't compatible (loads of dependency issues if you try and manually install).
So, let's fix it manually.
jwhois derives its list of whois servers from /etc/jwhois.conf (by default). Let's do a search/replace all with nano.
Assuming nano is installed (sudo yum install nano -y), do the following:
Press Ctrl \
Type in whois.v6nic.net and press Enter
Type in whois.apnic.net and press Enter
Press A to replace all found instances
Type Ctrl X to exit, then Y to save the changed file.
Done!
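The same search/replace can be scripted, which helps when several servers carry the stale entry. This is an added example, not part of the original post; the function names, the .bak backup suffix and the sample config lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: scripted form of the nano search/replace described above.
OLD='whois.v6nic.net'   # defunct server named in the post
NEW='whois.apnic.net'   # replacement named in the post

# fix_jwhois_conf FILE: swap OLD for NEW, keep FILE.bak, print lines changed.
fix_jwhois_conf() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    # Escape the dots so only the literal hostname matches.
    pat=$(printf '%s' "$OLD" | sed 's/\./\\./g')
    # grep -c exits 1 on zero matches; "|| true" keeps this safe under set -e.
    hits=$(grep -c -- "$pat" "$conf" || true)
    if [ "$hits" -gt 0 ]; then
        cp -p "$conf" "$conf.bak" || return 1
        # Write back into the existing file so owner, mode and SELinux
        # context are unchanged.
        sed "s/$pat/$NEW/g" "$conf.bak" > "$conf" || return 1
        # Fail if any reference to the old server survived.
        if grep -q -- "$pat" "$conf"; then return 1; fi
    fi
    echo "$hits"
}

# make_sample FILE: constructed lines in the style of a server map,
# not copied from a real jwhois.conf.
make_sample() {
    cat > "$1" <<'EOF'
"43.0.0.0/8" = "whois.v6nic.net";
"2001:0200::/23" = "whois.v6nic.net";
"193.0.0.0/8" = "whois.ripe.net";
"0.0.0.0/0" = "whoisXv6nicXnet";
EOF
}

if [ "$#" -gt 0 ]; then
    fix_jwhois_conf "$1"          # e.g. sudo sh fix.sh /etc/jwhois.conf
else
    tmp=$(mktemp) && make_sample "$tmp"
    echo "lines changed: $(fix_jwhois_conf "$tmp")"
    cat "$tmp"; rm -f "$tmp" "$tmp.bak"
fi
```

Running it a second time prints 0 and leaves the existing backup untouched, so it is safe to re-run from configuration management.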