fail2ban

Hello community! I have a custom Fail2ban filter and jail. They were both set up from the web interface, however, one of my sites encountered an issue with Google's crawlers being banned by it. Obviously they use a whole bunch of IPs which they might change so I figured the best way is to...

Hello, fail2ban always blocks the IP addresses when a certain website is accessed. in the failban log 2023-10-17 09:58:57,096 fail2ban.filter [1958]: INFO [plesk-apache] Found banned IP - 2023-10-17 09:58:57 Other entries cannot be found in other log files. It only affects this WordPress...

Hi, I'm about to buy Plesk, I'm trying it and it doesn't convince me one thing, I installed LiteSpeed but no rule was created on Fail2Ban, as it happens for Apache. Do I have to configure the jail manually? Eventually, with what rules? Thank you

Hi, I'm trying to configure an email alert on some jail, but after I have configured it I have this error on fail2ban status : Jun 29 11:07:09 server.com fail2ban-server[144124]: Server ready Jun 29 11:07:09 server.com plesk-sendmail[144203]: S144203: from=<[email protected]> to=<[email protected]>...

I have a new site up, a work in progress and I'm already seeing tons of malicious traffic. I went from relying on mod_security and fail2ban to installing imunify360 because of how much hype I saw online. Now, i'm how different Imunify360 works compared to fail2ban and I'm not convinced its...

Hi, as it was discussed in this thread (Question - New installation: best practices, useful tips, suggests) before installing Plesk on server, I have removed Fail2Ban, there was been some problems during installation. When I have reboot the server, Fail2ban was disable (I cannot start it) and I...

I've been monitoring my server logs (the realtime log browser) and even though my HW firewall is setup to only permit access to a particular set of ports (ie: apache/nginx/ftp) etc. I still see a constant stream of bots/ips/servers trying to access SSH on my server and being unsuccessful. I use...

Hi All, I have a VPS, with the provider Contabo. Their support is pretty useless, so im reaching out to the community. Every few days, my E-mail stops working across the entire server with the same error (example below) (the email addresses change). Sometimes i can get acess back briefly by...

filter: [Definition] failregex = ^<HOST>.* "POST .*/wp-login.php([/\?#\\].*)? HTTP/.*" 200 ignoreregex = jail: [plesk-wordpress] enabled = true filter = plesk-wordpress action = iptables-multiport[name="wp-login", port="http,https", protocol="tcp"] logpath =...

Hello Community, I try to ban user with too many SASL authentication failures, the jail plesk-postfix does not seem to do this out of the box - at least I find a lot of tries in the maillog but no IP in its jail. There might be several reasons. First I'm a bit confused because I find a jail...

Hi. I have a problem with fail2ban. The fail2ban log shows this message and is banning users: I don't know which filter is causing this and how to fix it. Is there a way to update the standard-filters in plesk? Fail2ban Version: fail2ban...

My fail2ban doesn't ban this kind of records myserver courier-imaps: LOGIN FAILED, [email protected], ip=[::ffff:185.30.177.79], port=[3609] I see that plesk-courierimap jail should ban the ip of this record. This jail uses the filter plesk-courierlogin, which includes the regexp...

If you are blocked from your own server by Fail2Ban, you should check whether the Gmail app is running on the phone and whether IMAP/POP3 accounts are also configured there, which are collected. There may be old auth data entered and that locks you out. You may have entered this account in the...

As I only use nginx I guess it would be interesting to install for fail2ban an additional jail + filter just for nginx. Are there proposals to enhance the Plesk-fail2ban configuration for doing this?

I'm using Nextcloud and want to set its logfile to fail2ban's logpath. But when I specify the Nextcloud log(/var/www/vhosts/MYACCOUT/nextcloud/data/nextcloud.log), fail2ban gets failed. It seems that fail2ban can only be specified in /var/log or some other area. For example, I can't specify...

I want to specify the following filter in Plesk fail2ban. Even though I create it in filter management, when I create a new jail it does not appear in the menu as an option in the list of filters. I'm able to create the filter itself, but cannot specify it in new jail. How can I specify the...

Hi, I would like to check IPs connecting ports as 80 and 443, on real-time, against data base of abusing IPs, as abuseupdb.com. I have an API key, which allows curl checks. A test may look like this: Where the results would look like this: I also use ModSecurirty, that enables LUA...

Jan 19 22:49:00 intelligent-mahavira postfix/smtpd[670231]: connection established Jan 19 22:49:00 intelligent-mahavira postfix/smtpd[670231]: master_notify: status 0 Jan 19 22:49:00 intelligent-mahavira postfix/smtpd[670231]: name_mask: resource Jan 19 22:49:00 intelligent-mahavira...

Hi all, I've having a lot of requests (about 1000 a day) like this in my /var/log/maillog: Fail2ban with the plesk-dovecot jail is activated but is not blocking although requests are coming multiple times from the same IP within the time interval. Basically Fail2ban is working for other...

Hello, everybody, after I have migrated the server, fail2ban no longer ban ip addresses automatically, and put them in a list in the firewall, I have to di it manually, even though the rules of the jails are as same as previous. I can see the IP address in the list of banned ip under the jail...