fail2ban doesn't work anymore.
auth.log is full of login atempts and in the fail2ban.log it seems like ip's gets banned, but it doesn't ban them.
I use Plesk Onyx 17.8.11 Update Nr. 53 on Ubuntu 14.04 LTS
2021-01-03 02:05:32,632 fail2ban.filter [13038]: INFO [ssh] Found 222.187.238.93
2021-01-03 02:05:33,130 fail2ban.actions [13038]: NOTICE [ssh] 222.187.238.93 already banned
2021-01-03 02:05:39,305 fail2ban.filter [13038]: INFO [ssh] Found 222.187.238.93
2021-01-03 02:05:39,543 fail2ban.filter [13038]: INFO [pam-generic] Found 222.187.238.93
2021-01-03 02:05:39,545 fail2ban.filter [13038]: INFO [ssh] Found 222.187.238.93
2021-01-03 02:05:40,291 fail2ban.actions [13038]: NOTICE [pam-generic] 222.187.238.93 already banned
2021-01-03 02:05:41,469 fail2ban.filter [13038]: INFO [ssh] Found 222.187.238.93
2021-01-03 02:05:42,140 fail2ban.actions [13038]: NOTICE [ssh] 222.187.238.93 already banned
2021-01-03 02:05:53,531 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:05:53,721 fail2ban.filter [13038]: INFO [pam-generic] Found 122.194.229.120
2021-01-03 02:05:53,723 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:05:54,305 fail2ban.actions [13038]: NOTICE [pam-generic] 122.194.229.120 already banned
2021-01-03 02:05:55,902 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:05:56,158 fail2ban.actions [13038]: NOTICE [ssh] 122.194.229.120 already banned
2021-01-03 02:05:56,486 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:05:56,649 fail2ban.filter [13038]: INFO [pam-generic] Found 122.194.229.120
2021-01-03 02:05:56,651 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:05:58,350 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:05:58,911 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:05:59,162 fail2ban.actions [13038]: NOTICE [ssh] 122.194.229.120 already banned
2021-01-03 02:06:00,747 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:06:01,747 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:06:02,166 fail2ban.actions [13038]: NOTICE [ssh] 122.194.229.120 already banned
2021-01-03 02:06:04,014 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:06:34,770 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:06:34,964 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:06:34,965 fail2ban.filter [13038]: INFO [pam-generic] Found 122.194.229.120
2021-01-03 02:06:35,202 fail2ban.actions [13038]: NOTICE [ssh] 122.194.229.120 already banned
I used apt-get remove fail2ban and then installed it again with plesk.
Sometimes there are error messages in the log
2021-01-03 02:15:17,771 fail2ban.actions [13038]: NOTICE [ssh] Ban 51.103.32.47
2021-01-03 02:15:20,969 fail2ban.action [13038]: ERROR iptables -w -I f2b-SSH 1 -s 51.103.32.47 -j REJECT --reject-with icmp-port-unreachable -- stdout: ''
2021-01-03 02:15:20,970 fail2ban.action [13038]: ERROR iptables -w -I f2b-SSH 1 -s 51.103.32.47 -j REJECT --reject-with icmp-port-unreachable -- stderr: 'iptables: Memory allocation problem.\n'
2021-01-03 02:15:20,970 fail2ban.action [13038]: ERROR iptables -w -I f2b-SSH 1 -s 51.103.32.47 -j REJECT --reject-with icmp-port-unreachable -- returned 1
2021-01-03 02:15:20,970 fail2ban.actions [13038]: ERROR Failed to execute ban jail 'ssh' action 'iptables' info 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f9fa7b2d488>, 'matches': u'Jan 3 02:15:15 v83184 sshd[24205]: User root from 51.103.32.47 not allowed because not listed in AllowUsers\nJan 3 02:15:15 v83184 sshd[24205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.103.32.47 user=root\nJan 3 02:15:17 v83184 sshd[24205]: Failed password for invalid user root from 51.103.32.47 port 44412 ssh2', 'ip': '51.103.32.47', 'ipmatches': <function <lambda> at 0x7f9fa7b2d2a8>, 'ipfailures': <function <lambda> at 0x7f9fa7b2d320>, 'time': 1609636517.771108, 'failures': 3, 'ipjailfailures': <function <lambda> at 0x7f9fa7b2d410>})': Error banning 51.103.32.47
edit: I just have read in the fail2ban log : "iptables: Memory allocation problem."
Maybe thats the problem? I just wonder why because I have the server for 5 years now and never had a problem.
auth.log is full of login atempts and in the fail2ban.log it seems like ip's gets banned, but it doesn't ban them.
I use Plesk Onyx 17.8.11 Update Nr. 53 on Ubuntu 14.04 LTS
2021-01-03 02:05:32,632 fail2ban.filter [13038]: INFO [ssh] Found 222.187.238.93
2021-01-03 02:05:33,130 fail2ban.actions [13038]: NOTICE [ssh] 222.187.238.93 already banned
2021-01-03 02:05:39,305 fail2ban.filter [13038]: INFO [ssh] Found 222.187.238.93
2021-01-03 02:05:39,543 fail2ban.filter [13038]: INFO [pam-generic] Found 222.187.238.93
2021-01-03 02:05:39,545 fail2ban.filter [13038]: INFO [ssh] Found 222.187.238.93
2021-01-03 02:05:40,291 fail2ban.actions [13038]: NOTICE [pam-generic] 222.187.238.93 already banned
2021-01-03 02:05:41,469 fail2ban.filter [13038]: INFO [ssh] Found 222.187.238.93
2021-01-03 02:05:42,140 fail2ban.actions [13038]: NOTICE [ssh] 222.187.238.93 already banned
2021-01-03 02:05:53,531 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:05:53,721 fail2ban.filter [13038]: INFO [pam-generic] Found 122.194.229.120
2021-01-03 02:05:53,723 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:05:54,305 fail2ban.actions [13038]: NOTICE [pam-generic] 122.194.229.120 already banned
2021-01-03 02:05:55,902 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:05:56,158 fail2ban.actions [13038]: NOTICE [ssh] 122.194.229.120 already banned
2021-01-03 02:05:56,486 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:05:56,649 fail2ban.filter [13038]: INFO [pam-generic] Found 122.194.229.120
2021-01-03 02:05:56,651 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:05:58,350 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:05:58,911 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:05:59,162 fail2ban.actions [13038]: NOTICE [ssh] 122.194.229.120 already banned
2021-01-03 02:06:00,747 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:06:01,747 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:06:02,166 fail2ban.actions [13038]: NOTICE [ssh] 122.194.229.120 already banned
2021-01-03 02:06:04,014 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:06:34,770 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:06:34,964 fail2ban.filter [13038]: INFO [ssh] Found 122.194.229.120
2021-01-03 02:06:34,965 fail2ban.filter [13038]: INFO [pam-generic] Found 122.194.229.120
2021-01-03 02:06:35,202 fail2ban.actions [13038]: NOTICE [ssh] 122.194.229.120 already banned
I used apt-get remove fail2ban and then installed it again with plesk.
Sometimes there are error messages in the log
2021-01-03 02:15:17,771 fail2ban.actions [13038]: NOTICE [ssh] Ban 51.103.32.47
2021-01-03 02:15:20,969 fail2ban.action [13038]: ERROR iptables -w -I f2b-SSH 1 -s 51.103.32.47 -j REJECT --reject-with icmp-port-unreachable -- stdout: ''
2021-01-03 02:15:20,970 fail2ban.action [13038]: ERROR iptables -w -I f2b-SSH 1 -s 51.103.32.47 -j REJECT --reject-with icmp-port-unreachable -- stderr: 'iptables: Memory allocation problem.\n'
2021-01-03 02:15:20,970 fail2ban.action [13038]: ERROR iptables -w -I f2b-SSH 1 -s 51.103.32.47 -j REJECT --reject-with icmp-port-unreachable -- returned 1
2021-01-03 02:15:20,970 fail2ban.actions [13038]: ERROR Failed to execute ban jail 'ssh' action 'iptables' info 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f9fa7b2d488>, 'matches': u'Jan 3 02:15:15 v83184 sshd[24205]: User root from 51.103.32.47 not allowed because not listed in AllowUsers\nJan 3 02:15:15 v83184 sshd[24205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.103.32.47 user=root\nJan 3 02:15:17 v83184 sshd[24205]: Failed password for invalid user root from 51.103.32.47 port 44412 ssh2', 'ip': '51.103.32.47', 'ipmatches': <function <lambda> at 0x7f9fa7b2d2a8>, 'ipfailures': <function <lambda> at 0x7f9fa7b2d320>, 'time': 1609636517.771108, 'failures': 3, 'ipjailfailures': <function <lambda> at 0x7f9fa7b2d410>})': Error banning 51.103.32.47
edit: I just have read in the fail2ban log : "iptables: Memory allocation problem."
Maybe thats the problem? I just wonder why because I have the server for 5 years now and never had a problem.
Last edited: