jail.local
[DEFAULT]
ignoreip = 127.0.0.1
maxretry = 5
destemail = server@#########.###
findtime = 450
bantime = 4000
[plesk-apache-badbot]
enabled = true
[recidive]
enabled = true
[plesk-roundcube]
enabled = true
[plesk-panel]
enabled = true
[plesk-apache]
enabled = true
[plesk-courierimap]
enabled = true
[ssh]
enabled = true
[plesk-postfix]
maxretry = 3
enabled = true
bantime = 7000
[plesk-horde]
enabled = true
[plesk-proftpd]
maxretry = 3
enabled = true
##########
[DEFAULT]
findtime = 600
bantime = 600
##########
[plesk-apache]
enabled = true
action = iptables-multiport[name=apache, port="http,https,7080,7081"]
logpath = logpath = /var/www/vhosts/system/*/logs/error_log
/var/log/httpd/*error_log
maxretry = 5
##########
[apache-nohome]
enabled = true
filter = apache-nohome
action = iptables-multiport[name=apache, port="http,https,7080,7081"]
logpath = /var/www/vhosts/system/*/logs/error_log
/var/log/httpd/*error_log
maxretry = 5
findtime = 21600
##########
[plesk-apache-badbot]
enabled = true
action = iptables-multiport[name=BadBots, port="http,https,7080,7081"]
logpath = logpath = /var/www/vhosts/system/*/logs/error_log
/var/log/httpd/*error_log
maxretry = 5
findtime = 43200
bantime = 604800
##########
[plesk-courierimap]
enabled = true
action = iptables-multiport[name="plesk-courierimap", port="imap,imap3,imaps,pop3,pop3s"]
logpath = /var/log/maillog
findtime = 43200
bantime = 604800
##########
[plesk-horde]
enabled = true
action = iptables-multiport[name="plesk-horde", port="http,https,7080,7081"]
logpath = /var/log/psa-horde/psa-horde.log
findtime = 43200
bantime = 604800
##########
[plesk-panel]
enabled = true
action = iptables-multiport[name="plesk-login", port="8880,8443"]
logpath = /var/log/plesk/panel.log
findtime = 43200
bantime = 604800
##########
[plesk-postfix]
enabled = true
action = iptables-multiport[name="plesk-postfix", port="smtp,smtps,submission"]
logpath = /var/log/maillog
findtime = 43200
bantime = 604800
##########
[plesk-proftpd]
enabled = true
action = iptables-multiport[name="plesk-proftpd", port="ftp,ftp-data,ftps,ftps-data"]
findtime = 43200
bantime = 604800
##########
[plesk-roundcube]
enabled = true
action = iptables-multiport[name="plesk-roundcube", port="http,https,7080,7081"]
logpath = /var/log/plesk-roundcube/errors
findtime = 43200
bantime = 604800
##########
[recidive]
enabled = true
action = iptables-allports[name=recidive]
findtime = 43200
bantime = 604800
##########
[ssh]
enabled = true
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
##########
[named-refused-udp]
enabled = true
port = domain,953
protocol = udp
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
logpath = /var/log/messages
findtime = 43200
bantime = 604800
maxretry = 1
##########
[named-refused-tcp]
enabled = true
port = domain,953
protocol = tcp
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
logpath = /var/log/messages
findtime = 43200
bantime = 604800
maxretry = 1
##########
Most of those time frames were set default that way or very close.
As for the jail.local are you saying I should add these via the Plesk panel or should I just replace the current file with this one? If I do everything will be lost with the next f2b plesk update?
##########
[DEFAULT]
findtime = 600
bantime = 600
##########
[plesk-apache]
enabled = true
action = iptables-multiport[name=apache, port="http,https,7080,7081"]
logpath = logpath = /var/www/vhosts/system/*/logs/error_log
/var/log/httpd/*error_log
maxretry = 5
##########
[apache-nohome]
enabled = true
filter = apache-nohome
action = iptables-multiport[name=apache, port="http,https,7080,7081"]
logpath = /var/www/vhosts/system/*/logs/error_log
/var/log/httpd/*error_log
maxretry = 5
findtime = 21600
##########
[plesk-apache-badbot]
enabled = true
action = iptables-multiport[name=BadBots, port="http,https,7080,7081"]
logpath = logpath = /var/www/vhosts/system/*/logs/error_log
/var/log/httpd/*error_log
maxretry = 5
findtime = 43200
bantime = 604800
##########
[plesk-courierimap]
enabled = true
action = iptables-multiport[name="plesk-courierimap", port="imap,imap3,imaps,pop3,pop3s"]
logpath = /var/log/maillog
findtime = 43200
bantime = 604800
##########
[plesk-horde]
enabled = true
action = iptables-multiport[name="plesk-horde", port="http,https,7080,7081"]
logpath = /var/log/psa-horde/psa-horde.log
findtime = 43200
bantime = 604800
##########
[plesk-panel]
enabled = true
action = iptables-multiport[name="plesk-login", port="8880,8443"]
logpath = /var/log/plesk/panel.log
findtime = 43200
bantime = 604800
##########
[plesk-postfix]
enabled = true
action = iptables-multiport[name="plesk-postfix", port="smtp,smtps,submission"]
logpath = /var/log/maillog
findtime = 43200
bantime = 604800
##########
[plesk-proftpd]
enabled = true
action = iptables-multiport[name="plesk-proftpd", port="ftp,ftp-data,ftps,ftps-data"]
findtime = 43200
bantime = 604800
##########
[plesk-roundcube]
enabled = true
action = iptables-multiport[name="plesk-roundcube", port="http,https,7080,7081"]
logpath = /var/log/plesk-roundcube/errors
findtime = 43200
bantime = 604800
##########
[recidive]
enabled = true
action = iptables-allports[name=recidive]
findtime = 43200
bantime = 604800
##########
[ssh]
enabled = true
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
##########
[named-refused-udp]
enabled = true
port = domain,953
protocol = udp
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
logpath = /var/log/messages
findtime = 43200
bantime = 604800
maxretry = 1
##########
[named-refused-tcp]
enabled = true
port = domain,953
protocol = tcp
filter = named-refused
action = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
logpath = /var/log/messages
findtime = 43200
bantime = 604800
maxretry = 1
##########
# iptables -F
# service fail2ban restart
Stopping fail2ban: [ OK ]
Starting fail2ban: WARNING 'filter' not defined in 'plesk-apache-badbot'. Using default one: ''
WARNING No filter set for jail plesk-apache-badbot
WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
WARNING 'filter' not defined in 'plesk-roundcube'. Using default one: ''
WARNING No filter set for jail plesk-roundcube
WARNING 'filter' not defined in 'plesk-courierimap'. Using default one: ''
WARNING No filter set for jail plesk-courierimap
WARNING 'filter' not defined in 'plesk-apache'. Using default one: ''
WARNING No filter set for jail plesk-apache
WARNING 'filter' not defined in 'plesk-panel'. Using default one: ''
WARNING No filter set for jail plesk-panel
WARNING 'filter' not defined in 'plesk-postfix'. Using default one: ''
WARNING No filter set for jail plesk-postfix
WARNING 'filter' not defined in 'plesk-horde'. Using default one: ''
WARNING No filter set for jail plesk-horde
WARNING 'logpath' not defined in 'plesk-proftpd'. Using default one: '/var/log/messages'
WARNING 'filter' not defined in 'plesk-proftpd'. Using default one: ''
WARNING No filter set for jail plesk-proftpd
WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
ERROR No file(s) found for glob logpath = /var/www/vhosts/system/*/logs/error_log
ERROR No file(s) found for glob logpath = /var/www/vhosts/system/*/logs/error_log
[ OK ]
Stopping fail2ban: [ OK ]
Starting fail2ban: ERROR Found no accessible config files for 'filter.d/plesk-a pache-badbot' under /etc/fail2ban
ERROR Unable to read the filter
ERROR Errors in jail 'plesk-apache-badbot'. Skipping...
WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
WARNING 'ignoreregex' not defined in 'Definition'. Using default one: ''
[FAILED]
[root@talkdevelopment ~]#
in jail "[plesk-apache-badbot]" ... after the line action, insert the line:
filter = apache-badbot
... and again, please flush again the iptables and restart fail2ban afterwards like before. ^^
If you still have some errors, or missbehaviour after all with fail2ban, please reply again in this thread... we "chatted" so long here, that I would be sad, if you still have issues....