Search results for query: "Fail2Ban" "recidive"

  1. Jllynch

    Issue Fail2ban all unbans failing

    Have just discovered that all the unbans are now failing. Errors like this: 938 fail2ban.actions [961]: ERROR Failed to execute unban jail 'recidive' action 'iptables-allports' info 'ActionInfo({'ipfailures': 12, 'ip-rev':... 985 fail2ban.actions [961]: ERROR Failed to...
  2. Bitpalast

    Question Excessive fail2ban banned hosts may flood memory?

    Fail2Ban uses iptables and iptables stores rules in its own "database". I am not aware of a limit, but 8,000 sounds like a whole lot. One downside of that is that it will most definitely slow down your network interface, because each connection needs to run through all these entries before it is...
  3. O

    Issue Fail2Ban error after Plesk update

    Hi, other problem is reported in this article : Fail2ban extension hangs in Plesk: iptables: Too many links.\n but I have the same problem with Obsidian 2020-08-26 11:46:54,158 fail2ban.utils [3169]: Level 39 7xx11xxx7xx8 -- exec: iptables -w -D INPUT -p tcp -j f2b-recidive iptables -w -F...
  4. A

    Issue 100% CPU Usage

    [Thu May 05 09:13:50.376872 2022] [proxy_fcgi:error] [pid 24486:tid 140180509894400] (104)Connection reset by peer: [client 2a02:c206:2048:5042::1:50858] AH01075: Error dispatching request to : [Thu May 05 09:13:50.404165 2022] [proxy_fcgi:error] [pid 24475:tid 140180577036032] [client...
  5. Bitpalast

    Question Can I change the default Port, for SSH Client connection, to any available Port number?

    Yes, it is very secure in combination with the SSH and recidive Fail2Ban jails. You will probably see a lot of SSH blocks in the Fail2Ban blocked IP list on SSH. Plus, an attacker would need to figure out the root password in addition to the SSH login password. As long as your passwords are not...
  6. P

    Resolved fail2ban postfix-sasl not working correctly

    I have enabled fail2ban and most of the jails are working properly. I have also enabled the recidive jail. Alas, I often see messages like this in /var/log/maillog: Apr 24 05:30:10 h2731888 postfix/smtpd[32272]: warning: unknown[203.159.80.233]: SASL LOGIN authentication failed: authentication...
  7. Bitpalast

    Issue Postfix and SASL error

    I cannot see any problem. The service is up and it looks like it is doing what it ought to do. What problem are you referring to? Are you asking why the failed login attempts are logged and how to stop these? Such failed logins are normal. Servers are targeted by hackers 24/7 with thousands of...
  8. O

    Issue Fail2Ban error after Plesk update

    Hi, I've updated the version of Plesk from 17.5.3 to 18.0.29 without any evident problem. Now, I'm on 18.0.29 u2 and after some test I've seen in F2B log that there are some errors when I stop or restart fail2ban service. This is an example : 2020-08-23 20:26:41,418 fail2ban.actions [2598]...
  9. Bitpalast

    Issue Mail Server IP Blocking

    When the "Postfix" and "Dovecot" jails are "active" in Fail2Ban, the IPs will be blocked. I also recommend to activate the "recidive" jail to make sure that frequent offenders will be banned for longer periods of time.
  10. KrazyBob

    Issue Mail Server IP Blocking

    I am assuming that recidive is located in the Fail2Ban conf file? I have IP's that start with 89.xxx.xxx.xxx that regularly found my servers. We're a United States based company and it's rare that anyone outside of the United States should be attempting to access mail, if ever. Other than...
  11. Bitpalast

    Issue Mail Server IP Blocking

    The answer was included in my response. Here it is again: "Now for your content questions: The "recidive" jail is a standard jail that is delivered by Plesk. It can easily be activated in the jail configuration settings in the GUI. There is no need to edit configuration files on the shell...
  12. Bitpalast

    Issue Mail Server IP Blocking

    You had two questions "I am assuming that recidive is located in the Fail2Ban conf file?" "Other than fail2ban is there an extension you would recommend that would deal better with these issues?" Both have been answered. Both questions are about blocking IPs. Please accept my apologies for...
  13. B

    Question Make recidive in fail2ban more efficient

    I want to make my recidive efficient in a way I could ban returning hackers which try to bruteforce postfix. I observe that hackers have thousands of servers over the whole world so thinking of a way to ban most of them, so maybe I could use fail2ban + geoIP and ban half of the world (but I did...
  14. C

    Question Can I change the default Port, for SSH Client connection, to any available Port number?

    Awesome! Thanks for the reassurances. I would like to add that I also have a 2 Step Authentication extension installed, offering another layer of security to help protect against attacks that have used tools such as the Keylogger you mentioned. I will have to read up more on setting up...
  15. Bitpalast

    Question Can I change the default Port, for SSH Client connection, to any available Port number?

    Changing the port can cause problems with: - Plesk backup and restore - Plesk Migrator extension - SFTP access in subscriptions - SSH access in subscriptions Other suggestion: Create a separate user account on your Linux system level for login purposes only, but don't give it root privileges...
  16. Brujo

    Question Make recidive in fail2ban more efficient

    1a -> no need to change rotation, read about the settings: bantime, findtime, maxretry 1b -> fail2ban reads the log which is defined in jails logpath, for the recidive jail /var/log/fail2ban.log will be used 2 -> yes it means recidive will ban ip based on the log entries matching bantime...
  17. T

    Resolved Fail2Ban bans me(admin) way too often.

    @Korkodilos_ I think that @Arashi is pointing you to the right direction : a connection originating from a (bad) "old style" mail client. At least, that might be one of the most feasible explanations for the log entries in fail2ban.log - nevertheless, you should check /var/log/maillog too...
  18. K

    Resolved Fail2Ban bans me(admin) way too often.

    Using plesk on a VPS to manage client websites and I'm finding myself locked out quite often as a result of banning my IP and sending it to the recidive jail. It's not a huge issue, as I can bypass with mobile data or VPN, and I like the way that the server is secure, but every time it happens I...
  19. M

    Question Plesk Firewall Question

    Hello, I am tired of all these spammers who try to send spam mails over my server or to get access to SSH or FTP. So I configured fail2ban with very strong rules (1 failed attempt per jail, only recidive allows 2) and the list of blocked IPs is growing daily. I also added an apache-404 fail2ban...
  20. K

    Issue fail2ban: Plesk does not correctly create jail.local (or is it correct?)

    I just configured fail2ban via Plesk and afterwards I checked the jail.local file in /etc/fail2ban/. It seems like this file is not created correctly by Plesk. Or do I misunderstand something? Here is the relevant content: [DEFAULT] ignoreip = 127.0.0.1/8 ::1 maxretry = 3 destemail =...