Azurel
User name: Azurel
TITLE
Custom Fail2ban Jails not working
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
CentOS Linux 8.2.2004, Plesk Obsidian Version 18.0.29 Update #2
PROBLEM DESCRIPTION
JUMP TO POST #4
Forwarded to devs - Fail2ban jails: Banned ips disappear in iptables too early
I have created a custom Jail. The Jail is fake working, I see attacker IPs in my custom jail, but these IPs still crawl my website. I see new requests in access_ssl_log.
STEPS TO REPRODUCE
Filter added
Code:
[Definition]
failregex = <HOST>$
ignoreregex =
Jail Added with
Code:
[banned_servers]
enabled = true
filter = server-block
action = iptables-allports[chain="INPUT", name="banned-servers", port="ssh", protocol="tcp", blocktype="REJECT --reject-with icmp-port-unreachable", returntype="RETURN", lockingopt="-w", iptables="iptables <lockingopt>"]
logpath = /var/www/vhosts/example.com/folder/fail2ban.log
maxretry = 1
IP address ban period is 15552000. It's not in the settings box.
ACTUAL RESULT
As an example, you can see "2a02:908:1086:3340:789d:323:2d19:aab8" is blocked by the jail and it has been in this jail for hours!
But with this command
grep '2a02:908:1086:3340:789d:323:2d19:aab8' /var/www/vhosts/example.com/logs/access_ssl_log | tail
I get fresh results from access_ssl_log with new timestamps [27/Aug/2020:21:54:48 +0200]
This IP makes 10000 page requests per hour...
That's not an IPv6 issue. The same problem is with all IPs in this jail.
EXPECTED RESULT
IP should actually be blocked.
ANY ADDITIONAL INFORMATION
Or is there an issue with my action?
action = iptables-allports[chain="INPUT", name="banned-servers", port="ssh", protocol="tcp", blocktype="REJECT --reject-with icmp-port-unreachable", returntype="RETURN", lockingopt="-w", iptables="iptables <lockingopt>"]
Template for
iptables-allports - Ban via iptables firewall, on all ports
is
iptables-allports[chain="INPUT", name="default", port="ssh", protocol="tcp", returntype="RETURN", lockingopt="-w"]
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM
Confirm bug
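A check for the symptom reported above, as an added example that is not part of the original post or of Plesk's tooling: it compares the addresses the jail lists as banned with the rules actually present in the firewall chain. The function names, the sample data and the chain name `f2b-banned-servers` (fail2ban's `f2b-<name>` convention applied to `name="banned-servers"`) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): report IPs that a fail2ban jail
# lists as banned but that have no rule in the jail's iptables chain.

# Print each IP from the "Banned IP list:" line of `fail2ban-client status JAIL`.
banned_ips() {
    awk -F'Banned IP list:' 'NF > 1 { n = split($2, ip, " "); for (i = 1; i <= n; i++) print ip[i] }'
}

# Print the -s address of every -A rule in `iptables -S CHAIN` output,
# dropping the /32 (IPv4) or /128 (IPv6) host suffix.
rule_ips() {
    awk '$1 == "-A" { for (i = 2; i < NF; i++) if ($i == "-s") { a = $(i + 1); sub(/\/(32|128)$/, "", a); print a } }'
}

# missing_bans STATUS_TEXT RULES_TEXT -> banned IPs without a firewall rule.
# Addresses are compared as text, so both tools must print the same form.
missing_bans() {
    mb_rules=$(printf '%s\n' "$2" | rule_ips)
    printf '%s\n' "$1" | banned_ips | while IFS= read -r mb_ip; do
        printf '%s\n' "$mb_rules" | grep -qxF -- "$mb_ip" || printf '%s\n' "$mb_ip"
    done
}

# Live check, run as root. The default chain name is an assumption: fail2ban's
# iptables actions name their chain f2b-<name>, here name="banned-servers".
check_jail() {
    cj_status=$(fail2ban-client status "$1") || return 1
    cj_rules=$( { iptables -w -S "${2:-f2b-banned-servers}"; ip6tables -w -S "${2:-f2b-banned-servers}"; } 2>/dev/null )
    missing_bans "$cj_status" "$cj_rules"
}

# Constructed sample data (documentation addresses, not taken from the post).
SAMPLE_STATUS='Status for the jail: banned_servers
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     3
|  `- File list:        /var/www/vhosts/example.com/folder/fail2ban.log
`- Actions
   |- Currently banned: 3
   |- Total banned:     3
   `- Banned IP list:   192.0.2.10 198.51.100.7 2001:db8::5'
SAMPLE_RULES='-N f2b-banned-servers
-A f2b-banned-servers -s 192.0.2.10/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-banned-servers -j RETURN'

missing_bans "$SAMPLE_STATUS" "$SAMPLE_RULES"   # prints the two IPs with no rule
```

On the server, `check_jail banned_servers` run as root prints every banned address that currently has no rule; empty output means the jail and the firewall agree.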