Facebook
Twitter
-
If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
CentOS2Alma discussion -
Inviting everyone to the UX test of a new security feature in the WP Toolkit
For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.
Resolved any way to flush all logs ?
- Thread starter raykai
- Start date
I'd discourage flushing logs as some software might actually quit working if an expected log file cannot be found. You will also lose a lot of data that might prove as an important resource for solving other issues. Instead of flushing logs, your could rotate them with logrotate. But there is easy way to do it for all the logs on a system in a simple command. You'll have to know all log locations and instruct logrotate what to do with them seperately.
As an alternative: If you know that a cloudflare IP is blocked, you must also know what the IP is. Could you simply add that IP to fail2ban's whitelist?
As an alternative: If you know that a cloudflare IP is blocked, you must also know what the IP is. Could you simply add that IP to fail2ban's whitelist?
Hi raykai,
all banned ip addresses are saved in the fail2ban.sqlite3 file located in /var/lib/fail2ban/fail2ban.sqlite3
Even if you clear all log files - fail2ban will recreate all banned ips out of the database after every sevice restart untill the bantime for the ip runs out! But first of all you need to find out why your cloudflare ip gets banned before doing anything else
I personally use my recidive jail with a bantime = -1 that means every ip in this jail is banned for ever - till the end of time or even if I will unban it manually
If you are using the standard recidive jail settings you only have to wait 7 days untill the ip gets unbanned. Of course you don't need to wait so long!
Here are 3 ways for solving your problem:
1. You are using the standard recidive jail settings? Perfect! Peters solution -using the whitelist option- is the best way for you. Put the ip on the whitelist and after 7 days you can delete it from it again because the bantime is running out.
2. You can clear the whole fail2ban log and also every banned ip from the fail2ban.sqlite3 database with the following steps:
I don't prefer this solution in your case because you are resetting every banned ip - but its a good method to reset fail2ban to point zero.
Dennis
all banned ip addresses are saved in the fail2ban.sqlite3 file located in /var/lib/fail2ban/fail2ban.sqlite3
Even if you clear all log files - fail2ban will recreate all banned ips out of the database after every sevice restart untill the bantime for the ip runs out! But first of all you need to find out why your cloudflare ip gets banned before doing anything else
I personally use my recidive jail with a bantime = -1
that means every ip in this jail is banned for ever - till the end of time or even if I will unban it manually If you are using the standard recidive jail settings you only have to wait 7 days untill the ip gets unbanned. Of course you don't need to wait so long!
Here are 3 ways for solving your problem:
1. You are using the standard recidive jail settings? Perfect! Peters solution -using the whitelist option- is the best way for you. Put the ip on the whitelist and after 7 days you can delete it from it again because the bantime is running out.
2. You can clear the whole fail2ban log and also every banned ip from the fail2ban.sqlite3 database with the following steps:
I don't prefer this solution in your case because you are resetting every banned ip - but its a good method to reset fail2ban to point zero.
- service fail2ban stop
- truncate -s 0 /var/log/fail2ban.log
- rm /var/lib/fail2ban/fail2ban.sqlite3
- service fail2ban restart
- done!
- don't worry - fail2ban recreates the fail2ban.sqlite3 file after restarting the service
- download the DB Browser for SQLite - http://sqlitebrowser.org/
- install the DB Browser
- download the fail2ban.sqlite3 file from your server location /var/lib/fail2ban/fail2ban.sqlite3fail2ban.sqlite3
- start the DB Browser an open your fail2ban.sqlite3 file
- now you need to search the database for the banned ip
- select it an click on "delete row"
- save the fail2ban.sqlite3 file and close the programm
- now connect to your server with ssh and type #service fail2ban stop
- then type #truncate -s 0 /var/log/fail2ban.log
- then upload the edited fail2ban.sqlite3 file with your ftp back to your server /var/lib/fail2ban/fail2ban.sqlite3fail2ban.sqlite3
- turn back to your ssh connection and type #service fail2ban restart
- done!
Dennis
