
Resolved Fail2ban fails, no ip rotate

daanse

Regular Pleskian
Hi,
since ... one hour I always have the same IPs in that list.
Exactly 160 IPs (which is quite a lot I think)
and some specific IP from customers' home Internet just doesn't want to get activated again.
F2b bantime is set to 10 minutes.
What am I missing?

I have to say, this server is a little huge... 300 domains.
Can I tune up my filters to work for a large server?

Plesk 12.5
Debian 8
..
 
Hi daanse,

Exactly 160 IPs (which is quite a lot I think)
well... no... it is not "a lot", according to
I have to say, this server is a little huge... 300 domains

Pls. consider the usage of the jail "recidive", so that returning intruders/bots get banned for a longer time (pls. use a custom ban-time here, which could be a reasonable 3-month/6-month, or even a ban-time for one year for example!).


and some specific IP from customers' home Internet just doesn't want to get activated again.
You should consider investigating possible issues/errors/problems in your Fail2Ban log, and pls. keep in mind that a higher log level, defined in "fail2ban.conf":
Code:
...
[Definition]
# Option: loglevel
# Notes.: Set the log level output.
#         CRITICAL
#         ERROR
#         WARNING
#         NOTICE
#         INFO
#         DEBUG
# Values: [ LEVEL ]  Default: ERROR
#
loglevel = INFO
...
... can lead to a more verbose output in your log, for further investigations. ;)
In addition, it would really help your customers (and yourself!) if you try to investigate WHY the customer's IP got banned and by which filter. Consider inspecting domain-specific log files for issues/errors/problems, and pls. keep in mind that it helps to use a "fail2ban-regex" command with for example:

Global example for domain - specific searches:

fail2ban-regex /var/www/vhosts/system/*/logs/*log /etc/fail2ban/filter.d/YOUR-FILTER-NAME.conf --print-all-matched
Specific example:


fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf --print-all-matched


Help command for "fail2ban-regex", to list possible options:

fail2ban-regex --help
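
Added example, not part of the original posts: a small Python script that reads fail2ban.log text and reports, per IP, which jail found, banned and unbanned it, so an address that stays blocked can be traced to the jail still holding it. The log lines, IPs and jail names below are constructed samples, and comparing Ban and Unban counts is a heuristic that assumes the log covers the whole ban period; "Found" lines only appear when the log level is verbose enough to include them.

```python
import re
from collections import defaultdict

# Matches "[jail] Found|Ban|Unban <ip>" in fail2ban.log; the "[pid]:" field
# is skipped because it is followed by ":" rather than an action word.
EVENT = re.compile(
    r"\[(?P<jail>[\w.-]+)\]\s+(?P<action>Found|Ban|Unban)\s+(?P<ip>[0-9A-Fa-f.:]+)"
)

# Constructed sample lines (documentation IPs), not taken from the thread.
SAMPLE_LOG = """\
2016-03-01 10:00:01,100 fail2ban.filter [812]: INFO [plesk-postfix] Found 203.0.113.7
2016-03-01 10:00:05,200 fail2ban.filter [812]: INFO [plesk-postfix] Found 203.0.113.7
2016-03-01 10:00:09,300 fail2ban.actions [812]: NOTICE [plesk-postfix] Ban 203.0.113.7
2016-03-01 10:10:09,400 fail2ban.actions [812]: NOTICE [plesk-postfix] Unban 203.0.113.7
2016-03-01 10:12:00,000 fail2ban.filter [812]: INFO [recidive] Found 203.0.113.7
2016-03-01 10:12:01,000 fail2ban.actions [812]: NOTICE [recidive] Ban 203.0.113.7
2016-03-01 10:20:00,000 fail2ban.actions [812]: NOTICE [ssh] Ban 198.51.100.23
2016-03-01 10:30:00,000 fail2ban.actions [812]: NOTICE [ssh] Unban 198.51.100.23
"""


def summarize(log_text):
    """Return {ip: {jail: {"Found": n, "Ban": n, "Unban": n}}}."""
    stats = defaultdict(
        lambda: defaultdict(lambda: {"Found": 0, "Ban": 0, "Unban": 0})
    )
    for line in log_text.splitlines():
        match = EVENT.search(line)
        if match:
            stats[match["ip"]][match["jail"]][match["action"]] += 1
    return stats


def still_banned(stats):
    """Heuristic: (ip, jail) pairs with more Ban than Unban events logged."""
    return sorted(
        (ip, jail)
        for ip, jails in stats.items()
        for jail, counts in jails.items()
        if counts["Ban"] > counts["Unban"]
    )


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip, jails in sorted(stats.items()):
        for jail, counts in sorted(jails.items()):
            print(ip, jail, counts)
    print("still banned:", still_banned(stats))
```

In the sample, 203.0.113.7 is released by the 10-minute jail but remains listed under "recidive", which is the pattern to look for when an address stays blocked after the short bantime has expired.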
 