fail2ban

Hi, I would like to check IPs connecting ports as 80 and 443, on real-time, against data base of abusing IPs, as abuseupdb.com. I have an API key, which allows curl checks. A test may look like this: Where the results would look like this: I also use ModSecurirty, that enables LUA...

Jan 19 22:49:00 intelligent-mahavira postfix/smtpd[670231]: connection established Jan 19 22:49:00 intelligent-mahavira postfix/smtpd[670231]: master_notify: status 0 Jan 19 22:49:00 intelligent-mahavira postfix/smtpd[670231]: name_mask: resource Jan 19 22:49:00 intelligent-mahavira...

Hi all, I've having a lot of requests (about 1000 a day) like this in my /var/log/maillog: Fail2ban with the plesk-dovecot jail is activated but is not blocking although requests are coming multiple times from the same IP within the time interval. Basically Fail2ban is working for other...

Hello, everybody, after I have migrated the server, fail2ban no longer ban ip addresses automatically, and put them in a list in the firewall, I have to di it manually, even though the rules of the jails are as same as previous. I can see the IP address in the list of banned ip under the jail...

I find the firewall rules names quite confusing. For example, the name of SMPT: SMTP (mail sending) server. Does this mean the smtp ports 25 and 465? I want to create my own custom rules and have some screenshots with settings below. Are these the correct settings? This is the image of SMTP...

I installed fail2ban but it doesn't block these attacks and ips Oct 28 19:11:11 server authpsa[487]: No such user '[email protected]' in mail authorization database Oct 28 19:11:11 server courier-imapd: LOGIN FAILED, method=PLAIN, ip=[::ffff:85.95.203.99], port=[58892] Oct 28 19:11:16 server...

Watchdog is running since Aug 10, 2021 02:17 PM. Watchdog is monitoring services: Plesk Web Server Plesk PHP Engine Web Server (Apache) SMTP Server (Postfix) Dovecot IMAP and POP3 server DNS Server (BIND) MySQL PostgreSQL Plesk SpamAssassin Plesk Postfix milter filter Web Proxy Server (Nginx)...

We had a client's server run out of disk space last night. It looks like fail2ban had made several copies of its database for some reason until it ran out: -rw------- 1 root root 1232522240 May 4 09:18 fail2ban.sqlite3 -rw------- 1 root root 1232522240 May 3 21:03...

I have enabled fail2ban and most of the jails are working properly. I have also enabled the recidive jail. Alas, I often see messages like this in /var/log/maillog: Apr 24 05:30:10 h2731888 postfix/smtpd[32272]: warning: unknown[203.159.80.233]: SASL LOGIN authentication failed: authentication...

Hello, I have no banned IP while many failed connection attempts on postfix. I think fail2ban is not working properly on my server. (Obsidian 18.0.34 on Debian 10) Its settings are the original ones and the Plesk jails are enabled fail2ban-client status Status |- Number of jail: 11 `-...

The question has been asked before by others: Question - fail2ban update because it was last updated, prior to Obsidian being upgraded to General Release status: Change Log for Plesk Obsidian yet there's still no sign or inclination, that this well overdue update, will be arriving anytime...

Hello guys I'm using fail2ban in Plesk working pretty smoothly. I extended BAN period to months (instead of just some minutes), and the list of banned hosts grows as expected. At this time the list of banned hosts is about 8K, not a problem at all, for now. My question is if an excessive...

Dear Staff team/fellow users, is it possible to start fail2ban using python3? Python 2.x has reached EOL a full year ago. I know that fail2ban supports Python 3.2+, but I can't find a setting to use that

I could observe many times in the last few weeks that everytime I click around a bit more enthusiastically in DokuWiki, a private Wiki I have set up as a subdomain in Plesk, there comes a point when the page won't load anymore and I can't reach any website anymore hosted on my Plesk server...

Problem description: For many years and across a five digit large number of domains and customers we've seen some customers failing logins from their smartphones and sometimes from MS Outlook and Apple Mail. For many users it was a pain to configure their phones correctly. On Samsung's Android...

Have just discovered that all the unbans are now failing. Errors like this: 938 fail2ban.actions [961]: ERROR Failed to execute unban jail 'recidive' action 'iptables-allports' info 'ActionInfo({'ipfailures': 12, 'ip-rev':... 985 fail2ban.actions [961]: ERROR Failed to...

I installed a new typo3 10lts via composer linux plesk obsidian 18.0.27 and ubuntu 16lts. When trying to access the page module, I get such errors in the error_log: ... the browser freezes and the my IP gets thrown in fail2boan. On the same server I have another test domain with the same php...

Hi, --- OS ‪CentOS Linux 7.7.1908 (Core)‬ Product Plesk Obsidian Version 18.0.24, last updated on Feb 20, 2020 01:30 AM --- Yesterday I noticed, 'Trusted IP Addresses' in Fail2Ban has gone missing and left only with 127.0.0.1/8. I always had 127.0.0.1/8, ::1/128 and the server IP...

I am trying to implement solution which will ban IP on country basis, i know that Juggernaut can do that but in my env that module was causing spontaneous firewall block for all traffic, so i am just searching other way to ban country based on MaxMind GeoIP databases. Does anyone have heard of...

I want to make my recidive efficient in a way i could ban returning hackers which try to bruteforce postfix. I observe that hackers have thousands of servers over the whole world so thinking of a way to ban most of them, so maybe i could use fail2ban + geoIP and ban half of the world (but i did...