Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [fail2ban]

Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.

673 questions
-1
votes
1 answer

Can I use the following Fail2ban jail with my wordpress on nginx server?

[nginx-noscript] enabled = true port = http,https filter = nginx-noscript logpath = /var/log/nginx/access.log maxretry = 6 It is advised to not enable [nginx-noscript] jail, if server is running scripts. What are the types of scripts in…
dhiraj
  • 11
  • 1
  • 1
  • 4
-1
votes
1 answer

IPTABLES not working, fail2ban still notifying me of instrusions from those ips

I added 200 hundred iptable rules like these: iptables -A INPUT -s 108.62.150.0/24 -j DROP iptables -A INPUT -s 109.108.64.0/19 -j DROP iptables -A INPUT -s 109.110.32.0/19 -j DROP to block russian and eastern europe ips from my server. However, my…
Frank Barcenas
  • 595
  • 4
  • 17
-1
votes
1 answer

fail2ban Perform a regular expression for failregex

I needed some help to create a regular expression for failregex to find and ban the source ip (ex. SRC=192.168.0.1 and ban the IP 192.168.0.1) from this log: [ATT] Suspect: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx…
Kiwi
  • 33
  • 2
  • 6
-1
votes
1 answer

Fail2Ban is not updating iptables rules

I have set up fail2ban to protect my ssh port using these rather old instructions: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04 I tested my set-up by botching a bunch of log-ins from another…
grasswistle
  • 121
  • 5
-1
votes
1 answer

Postfix - Can Send / Receive Localy - Send External - Not receive from external

I just finish configuring my own mail server using this guide: LinuxBabe Guide At the start all was working but now I can not receive mail from external. Here is my configuration file: https://hatebin.com/npslpqyqpr
京子シオリ
  • 1
  • 1
-2
votes
1 answer

Fail2ban won't ban IPs

I installed the Fail2ban on my Ubuntu 18 server with etc/fail2ban/jail.local file [sshd] enabled = true port = 22 filter = sshd logpath = /var/log/fail2ssh.log maxretry = 2 after restart fail2ban service I can allways see attemts to login…
Peter Valek
  • 1
-2
votes
1 answer

unable to jail ssh fail2ban 0.9.6

I am on Centos 6.9 with fail2ban 0.9.6. I have the below SSH jail but after restarting fail2ban it is not enabled when running fail2ban-client status. The conf I used is /etc/fail2ban/jail.local. I have multiple jails in there. [ssh] enabled =…
Olive.b
  • 52
  • 1
  • 2
  • 10
-2
votes
1 answer

Default rules in fail2ban for apache

What does default apache (apache-auth, apache-overflows, apache-noscript) fail2ban jails do? I looked into docs, but there is nothing about it. Thanks for your help!
david8
  • 113
  • 4
-2
votes
1 answer

Apache server crashes due to bandwidth spike issue

The problem I am facing is that my Website (hosted on a dedicated VPS) was working fine for last 6 months. However from last two days, it gets huge spikes of DATA coming in and this causes server to crash. The hosting company shutdowns my server. I…
Arjun
  • 1
  • 3
-2
votes
1 answer

What configuration is necessary for fail2ban to be useful?

If I simply install fail2ban on my server with sudo apt-get install fail2ban without configuring anything, does this provide adequate protection? It seems that fail2ban comes with 1-2 pages of jails set up already which seem like they'd catch…
Superbest
  • 5,045
  • 3
  • 14
  • 11
-2
votes
1 answer

FAIL2BAN filters- who can give me filter to block this intrusion?

I see in my mediatemple server maillog endless intrusion. i need to block these ips. who can help with filter file to match these? Jan 21 07:51:44 mydomain postfix/smtpd[23505]: SSL_accept error from unknown[185.7.214.188]: -1 Jan 21 07:51:44…
alex K
  • 1
  • 1
-3
votes
2 answers

Fail2Ban to block IPs that request the same URL repeatedly

Is it possible to use Fail2Ban to block IPs that request the same URL more than 5 times in 10 seconds? I'm not talking about a specific URL, but any random URL of the site that is being requested repeatedly. For example: I don't want to block in a…
viniciussss
  • 185
  • 3
  • 8
-3
votes
1 answer

I need a script to ptint output from fail2ban

I installed Fail2ban and it's working fine. I'm NOT a Linux guru, sorry. I can just about find my way around. I need a script that will print all banned IP addresses and most important the DATE AND TIME that the ban came into effect. I'm only…
Mikheil
  • 1
  • 1
1 2 3
44
45