
Resolved Fail2ban fails, no ip rotate

daanse

Regular Pleskian
Hi,
since ... one hour I always have the same IPs in that list.
Exactly 160 IPs (which is quite a lot, I think),
and some specific IPs from customers' home internet just don't want to get activated again.
F2b is set to a bantime of 10 minutes.
What am I missing?

I have to say, this server is a little huge... 300 domains.
Can I tune my filters to work on a large server?

Plesk 12.5
Debian 8
..
 
Hi daanse,

> Exactly 160 IPs (which is quite a lot i think)

well... no... it is not "a lot", according to

> I have to say, this Server is a little huge... 300 Domains

Pls. consider the usage of the jail "recidive", so that returning intruders/bots get banned for a longer time ( pls. use a custom ban-time here, which could be a reasonable 3-month/6-month, or even a ban-time for one year for example! ).


> and some specific IP from Customers Home Internet just dont want to get activated again.

You should consider investigating possible issues/errors/problems in your Fail2Ban log, and pls. keep in mind that a higher log level, defined in "fail2ban.conf":
Code:
...
[Definition]
# Option: loglevel
# Notes.: Set the log level output.
#         CRITICAL
#         ERROR
#         WARNING
#         NOTICE
#         INFO
#         DEBUG
# Values: [ LEVEL ]  Default: ERROR
#
loglevel = INFO
...
... can lead to a more verbose output in your log, for further investigations. ;)

In addition, it would really help your customers ( and yourself ! ) if you try to investigate WHY the customer's IP got banned and by which filter. Consider inspecting domain-specific log files for issues/errors/problems, and pls. keep in mind that it helps to use a "fail2ban-regex" command, for example:

Global example for domain - specific searches:

fail2ban-regex /var/www/vhosts/system/*/logs/*log /etc/fail2ban/filter.d/YOUR-FILTER-NAME.conf --print-all-matched
Specific example:


fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf --print-all-matched


Help command for "fail2ban-regex", to list possible options:

fail2ban-regex --help
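
As an added example (not part of either post above, and not Plesk or Fail2Ban code): a small Python check that reads the Ban/Unban lines of the Fail2Ban log and lists every ban older than the configured bantime that never got an Unban, together with the jail that set it. The log lines, IPs and jail names are constructed samples, and `overdue_bans` is a hypothetical helper name.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in fail2ban.log style; IPs and jail names are made up.
SAMPLE_LOG = """\
2016-03-01 10:00:05,112 fail2ban.actions: WARNING [plesk-apache] Ban 203.0.113.7
2016-03-01 10:02:41,560 fail2ban.actions: WARNING [ssh] Ban 198.51.100.23
2016-03-01 10:10:06,004 fail2ban.actions: WARNING [plesk-apache] Unban 203.0.113.7
2016-03-01 10:15:30,871 fail2ban.actions: WARNING [plesk-apache] Ban 203.0.113.7
2016-03-01 10:20:12,300 fail2ban.actions: INFO [ssh] 198.51.100.23 already banned
2016-03-01 11:05:00,000 fail2ban.actions: WARNING [plesk-postfix] Ban 192.0.2.44
"""

# The PID field and the level name can differ between Fail2Ban versions,
# so both are matched loosely. Only "Ban <ip>" / "Unban <ip>" lines count.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\s+fail2ban\.actions\s*"
    r"(?:\[\d+\])?:\s+\w+\s+\[(?P<jail>[^\]]+)\]\s+"
    r"(?P<event>Ban|Unban)\s+(?P<ip>\S+)$"
)

def overdue_bans(log_text, bantime_s, now):
    """Return sorted (ip, jail, banned_at) for bans that are older than
    bantime_s seconds at time `now` and have no later Unban in the log."""
    active = {}  # (ip, jail) -> time of the most recent Ban still in force
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # findings, "already banned", start/stop messages
        key = (m.group("ip"), m.group("jail"))
        if m.group("event") == "Ban":
            active[key] = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        else:
            active.pop(key, None)  # Unban clears the entry for that jail only
    limit = timedelta(seconds=bantime_s)
    return sorted((ip, jail, ts) for (ip, jail), ts in active.items()
                  if now - ts > limit)

if __name__ == "__main__":
    # bantime of 10 minutes, as in the question; "now" is fixed for the sample
    for ip, jail, ts in overdue_bans(SAMPLE_LOG, 600, datetime(2016, 3, 1, 11, 10)):
        print(f"{ip} still banned by [{jail}] since {ts}")
```

To run it on a real server, pass the text of the Fail2Ban log instead of `SAMPLE_LOG`; an entry from a jail with its own longer bantime, such as "recidive", is expected to show up here.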
 