Facebook
TwitterQuestion blocked ip in Fail2ban and iptables in Syslog Watch again
Hi,
If IP-address is blocked by a firewall, you shouldn't see hacking activities in logs at the same time.
Maybe ban was temporary and activities start again after unblock or IP-addresses every time is different.
If IP-address is blocked by a firewall, you shouldn't see hacking activities in logs at the same time.
Maybe ban was temporary and activities start again after unblock or IP-addresses every time is different.
the ip is blocked in fail2ban, maybe works fail2ban not correctly.
in the log from fail2ban i can see :
2018-02-01 14:22:19,205 fail2ban.actions [1454]: NOTICE [plesk-postfix] 54.xx.xx.xxx already banned
in the sys-log i can see the:
Feb 1 14:17:45 plesk_saslauthd[16120]: No such user 'service@xxx' in mail authorization database
Feb 1 14:17:45 plesk_saslauthd[16120]: failed mail authenticatication attempt for user 'service@xxxxx' (password len=25)
Feb 1 14:17:45 postfix/smtpd[15879]: warning: 220.ip-x-x.eu[xxxxxxxx]: SASL LOGIN authentication failed: authentication failure
in the log from fail2ban i can see :
2018-02-01 14:22:19,205 fail2ban.actions [1454]: NOTICE [plesk-postfix] 54.xx.xx.xxx already banned
in the sys-log i can see the:
Feb 1 14:17:45 plesk_saslauthd[16120]: No such user 'service@xxx' in mail authorization database
Feb 1 14:17:45 plesk_saslauthd[16120]: failed mail authenticatication attempt for user 'service@xxxxx' (password len=25)
Feb 1 14:17:45 postfix/smtpd[15879]: warning: 220.ip-x-x.eu[xxxxxxxx]: SASL LOGIN authentication failed: authentication failure
Last edited:
I suggest check firewall and firewall rules. Is it really active and really filter traffic from the IP-address? Fail2ban does not ban by itself, it is use system's firewall for that.
Similar threads
