Search results for query: "Fail2Ban" "recidive"

The "normal" log entries are pretty easy to understand, they go something like this: 2017-04-15 16:33:53,497 fail2ban.filter [28873]: INFO [ssh] Found 218.0.241.177 2017-04-15 16:33:55,508 fail2ban.filter [28873]: INFO [ssh] Found 218.0.241.177 2017-04-15 16:33:57,517 fail2ban.filter [28873]...

@Gabor H Actually, irregardless of what you did find out, the modsecurity jail is not strict at all, it (amongst others) allows a lot of bad bots. Nevertheless, it is not the best jail in the default Fail2Ban jails shipped with Plesk. In general, if you have set Modsecurity (WAF) to "on"...

Hi Pleskie, pls. have a closer look at the Fail2Ban recidive jail and try to have a look at the Plesk documentation: Fail2Ban Jails Management ( Plesk online documentation for Plesk 12.5 ) You can certainly modify the standard settings, so that recuring banned IPs will be banned for a...

Hi David Jimenez, at your modification process, did you include as well YOUR current computer IP? If you deny traffic from your own current computer IP in the desired upcoming iptables, you will immidiately stop all traffic between your computer IP and the server and the current process of you...

Hi, i have a Problem, customers complaining about false positives. Most of the Ips its recidive Jail.. Actually i have following Settings: Fail2Ban 600 Seconds, 3 (default settings) Mod Security Atomic with active F2B. (set it to balanced) Plesk 12.5 Do we need some more Informations...

while checking fail2ban log file, I found fail2ban filter errors for "plesk-postfix" and "plesk-dovecot". Could anyone please explain the errors? How do I solve the errors? Thanks in advance! 2017-04-28 09:04:58,664 fail2ban.filter [6069]: INFO [plesk-postfix] Found 190.107.28.228...

After the last update # 41 the jail "recidive" generates the error "502 Bad Gateway nginx" blocking access to websites. To allow access to sites I had to disable the jail. Have you any suggestions to reactivate it without incurring the error 502?

Hi Antonio Volpe, such issues can appear, when your website coding is inadequate and leads to missing images, non-existent links and so on. But to inform you, it is NOT the "recidive" jail, which is blocking IPs for "bad behaviour" of your visitor - it's for example the jail...

Ok so finally it seems i found how to fix this problem. I have to add a date pattern in jail filter config. For example for recidive jail i edited this file : /etc/fail2ban/filter.d/recidive.conf and in [Init] section i added this to match my date format : datepattern = %%b %%d %%H:%%M:%%S and...

Thanks for the quick reply UFHH01 The command ls -lah / var / log / apache returns that there is no content inside the directory, it seems that during the upgrade something happened and it was deleted :( This is the output of the repair command:

Hi daanse, well... no... it is not "a lot", according to Pls. consider the usage of the jail "recidive", so that returning intruders/bots get banned for a longer time ( pls. use a custom ban-time here, which could be a reasonable 3-month/6-month, or even a ban-time for one year for example...

@G J Piper Correct, in a sense. Consider the recidive jail, scanning a period of 86400 seconds, i.e. one day. Consider your logrotation settings, with logrotation every 4 hours: log lines are (essentially) removed every 4 hours. Fail2Ban runs a "task" for the recidive jail and, at any...

Fail2ban route not working : fail2ban 0.9.2, A virgin install of centos 7 - plesk 12.5.30 #8 Fail2ban route working: fail2ban 0.8.3, centos 7 and a centos 6 server both with plesk 12.0.xx (lastest one don't remember the number) I was using fal2ban route.conf to create jails like recidive-route...

You should not worry about other VPS (the host server and virtualization software take care of that). The maillog issue: let me guess, a whole lot of line mentioning "unknown[<some IP>]"? Yeah, I am aware of this "issue": it probably started somewhere around 5th of june and is related to...

Hello, i have installed fail2ban, with all jails and a other with a blacklist. and spammer try different usernames for mail adress and with different password len since 5 days ! the mailservice from this domain is off in the configuration in plesk, the IP from this server in blocked in the...

Note that the huge log file is an indication of (EITHER) a huge lot of password-forgetting customers (OR) many hack attacks of the distributed, brute forcing kind, with those hack attacks not being identified as such by Fail2Ban. The above is not surprising, when taking into consideration the...

@UFHH01 In this post you seem to want to go into detail. Let´s do that, shall we? First of all, in the before mentioned post, you created a section "For example" and continue to explain why specific codes are associated with specific cases. In the explanation, you suggest that some of the...

@UFHH01 Thank you very much for this trick! I think it is working correctly, but I have one small problem. In the Jail I can see the IP of my server. Deleted because I thought it was a problem but after some minutes it was there again. What does this mean? Should I put my server's IP to...

Hi @UFHH01 , thank you for your explanations - my Problem is i never see exactly WHY someone gots banned. I know Jails and Filters and regex and sometimes i understand it but in this Case i don't find the Source. The Command which you mentioned shows as followed...

Hi Pleskie, I wonder why you ask questions about the Fail2Ban configuration, if you could inform yourself by READING the documentation, but o.k..... :rolleyes: First of all, pls be informed, that Fail2Ban - jails have it's very own JAIL ( = chain ) at iptables. Pls. use the command "iptables...