Search results for query: "Fail2Ban" "recidive"

In this case I'd like to give a personal advice: I am one of those persons who is doing business in the U.S. from outside the U.S. And I have frequently experienced U.S. companies blocking access to their websites and - even worse - email from IPs outside the U.S. It is absolutely annoying for a...

Username: Azurel TITLE Plesk fail2ban jails and iptables not working correctly [SECURITY ISSUE?] PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE CentOS Linux 8.2.2004, Plesk Obsidian Version 18.0.30 Update #2 PROBLEM DESCRIPTION Plesk shows in GUI banned IPs, but many of this IPs are not...

Actually, the default setup does not require additional action. The recidive jail is already your "long term" jail. For the recidive jail the fail2ban log is checked for repeated bans that result from other rules. You can control the length of the ban in the recidive jail by configuring the...

Thank you for your response. Are you saying that changing a Port is just one step of a series of steps, or that changing a Port is like 'security through obfuscation' and thus has its limitations? Thank you for highlighting the potential problems, as well as an alternative solution. I have...

5 years ago, my Plesk server was hacked. After of that experience I tried to implement all the security measures that Plesk Forum and documentation recommend. However, 2 weeks ago my server was hacked again. (I found all of the index.php modified and thousands of duplicated files filling...

@Korkodilos_ I just saw that @Arashi already gave you some good advice, please check that out. However, I want to mention the following - you should be able to have Fail2Ban whitelist one specific and static IP. In my humble opinion, it is not good practice to allow the sysadmin (read...

It is possible to add client-ip to fail2ban per plesk-php? My php script detects unqiue attacks and I would wish to add instantly the client-ip to a fail2ban jail. The same for banned users that create a account again and again. on command-line for fail2ban Is this working fine with plesk...

@Heppi75 There are a number of possible explanations, the two most important of them are: 1 - Fail2Ban is overloading iptables and/or the firewall does not work properly: less likely root cause of the problem if you have a dedicated server, very likely root cause of the problem if you have a...

Hello, last night I noticed that fail2ban banned some GoogleBot IPs (66.249.69.xx) because of the recidive jail. Maybe Google spiders pointed to some client-denied link and fail2ban triggered the jail. How can I whitelist the whole google.com / googlebot.com domains from Plesk ? I see I can...

Dear fellow Pleskians, Following quite a few hours of reading posts on this forum, and the Plesk docs (Protection Against Brute Force Attacks (Fail2Ban)), and a few interesting technical chats with more experienced people, I've significantly reduced the no of IPs hammering my server. Now I...

Hi, I'm on CentOS 7.3 with Plesk 17.5.3 and I'm configuring fail2ban (0.9.6) recidive to ban for 24 hours an ip. But if you look at the print-screen seems that it doesn't work as I expect. When an IP is found for a specific jail it's banned for the period that I have configured for that event...

Hi Trung Ma, Sorry, but the Plesk Community Forum is not the official Plesk support. If you desire to reach the official Plesk support, pls. visit: => Plesk Help Center ... and choose one of the options: Submit a ticket / Take a professional service / Start chat If you still desire answers...

is it? why this posting then? (joking) i would think that reading the log with a cron is faster and takes less resources then actionban. After all, you never know how many times the actionban script has to run in any given period of time. Have you looked at this...

Hi Jan, There was no error in the fail2ban.log. It was disabled as if I had done so through Plesk. CSF disabled it and never re-enabled it. So late last night/early this morning, there was another CSF update. This time it wasn't a clean shutdown with no errors. This time the log file was...

See subject. I've had this issue a few times now. The standard solution is to stop fail2ban, remove /var/log/fail2ban* and reinstall fail2ban. However, today it happened again and the above solution didn't work. Even removing /etc/fail2ban before reinstalling didn't work. I've determined that...

It doesn't look unusual to me. Most linux servers suffer from large numbers of failed login attempts and Fail2Ban will deal with them. If you haven't already done so you should consider activating the "recidive" jail. That will permanently block any repeat offenders.

Hi zoni, did you consider to use Fail2Ban ( and there as well the "recidive" - jail ) ?

Thanks, to first i change the name from the : /var/lib/fail2ban/fail2ban.sqlite3 to fail2ban.sqlite3_back after remove and reinstall fail2ban works now, but with any errors: 2017-04-22 10:05:02,269 fail2ban.actions [21867]: NOTICE [mail-blocklist] Ban 188.93.133.xx 2017-04-22...

@OverWolf With respect to your first question I must emphasize that in a firewall - huge lists of individual IPs can often (but not always) be compacted to CIDR ranges, - huge lists of CIDR ranges is just as bad as huge lists of individual IPs, irrespective of the question whether good or...

Thank you Simon - switched on with this filter: [INCLUDES] before = common.conf [Definition] _daemon = fail2ban\.actions\s* _jailname = recidive failregex = ^(%(__prefix_line)s| %(_daemon)s%(__pid_re)s?:\s+)NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$ ignoreregex = [Init]...