• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Fail2Ban don't lock an IP

S

Stefan Becker

Basic Pleskian
Hi,

we have a brute force attack:

Code: 
188.132.180.106 - - [14/Jul/2014:22:03:37 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:38 +0200] "GET /administrator/index.php HTTP/1.0" 200 7244 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:38 +0200] "GET /administrator/index.php HTTP/1.0" 200 7117 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:39 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:40 +0200] "GET /administrator/index.php HTTP/1.0" 200 7244 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:40 +0200] "GET /administrator/index.php HTTP/1.0" 200 7117 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:41 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:41 +0200] "GET /administrator/index.php HTTP/1.0" 200 7244 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:42 +0200] "GET /administrator/index.php HTTP/1.0" 200 7117 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:43 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:44 +0200] "GET /administrator/index.php HTTP/1.0" 200 7244 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:44 +0200] "GET /administrator/index.php HTTP/1.0" 200 7117 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:46 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:46 +0200] "GET /administrator/index.php HTTP/1.0" 200 7244 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:47 +0200] "GET /administrator/index.php HTTP/1.0" 200 7117 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:48 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:48 +0200] "GET /administrator/index.php HTTP/1.0" 200 7244 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:49 +0200] "GET /administrator/index.php HTTP/1.0" 200 7117 "-" "-"
188.132.180.106 - - [14/Jul/2014:22:03:50 +0200] "POST /administrator/index.php HTTP/1.0" 303 262 "-" "-"

And so on, but the Fail2Ban doesn't lock this ip address, why? And how can we manually lock about the webinterface this ip?

Best regards,

Stefan
 
Unless you have failed basic authentication attempts logged, Fail2Ban will do nothing (since it's authentication failure monitor). Alternatively, if you have a custom login solution, then you need to 1) make sure it logs authentication failures somewhere, 2) create a filter and jail in Fail2Ban to match these failures, 3) test and activate them. Please note that improperly implemented filter or logging may result in DoS possibility for the service you're trying to protect (read Fail2Ban README for details).
 
You must log in or register to reply here.

Similar threads

J
Issue Default plesk-apache-badbot fail2ban doesn't work
Replies
14
Views
629
pleskpanel
P
L
Resolved WordPress Permalink's stopped working
Replies
5
Views
1K
smithcreate
S
R
Issue POST 503 Error
Replies
4
Views
1K
Retr0
R
DigitalSplendid
Question Plesk on IBM Cloud: Terraform APPLY error: Terraform APPLY errorexit status 1
Replies
0
Views
693
DigitalSplendid
DigitalSplendid
E.BlackStone
Resolved ERROR: 'NoneType' object has no attribute 'run_sack'
Replies
4
Views
2K
websavers
websavers
Back
Top