
Issue Fail2Ban is not banning

bulent

Regular Pleskian
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
CentOS Linux 7.2.1511 (Core), Version 17.0.17 Update #5

PROBLEM DESCRIPTION
The IP address is in the Fail2Ban ban list, but the page is still accessible from that IP address.

STEPS TO REPRODUCE
Fail2Ban with active rules. Using the Opera browser with an active VPN (my IP is whitelisted, so I use a VPN).
After 5 false WordPress login attempts, the IP address is in the banned list but the site is still accessible.

ACTUAL RESULT
site is not banned

EXPECTED RESULT
site to be banned for 1400 seconds

ANY ADDITIONAL INFORMATION
 
Hi bulent,

Can you confirm the corresponding log entries from your Fail2Ban log for a successful ban, and can you confirm as well that the corresponding IP (or its FQDN) is listed when you use "iptables -L"?

Are you sure that you don't see cached pages from your browser (locally stored on the computer where you used the browser) after the IP has been banned?
 
Hi @UFHH01

I have something like this in my Fail2Ban log

2016-11-04 19:24:57,956 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:13,977 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:15,980 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:15,980 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:17,983 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:18,246 fail2ban.actions [9499]: NOTICE [plesk-wordpress] Ban 185.108.219.152
2016-11-04 19:25:19,679 fail2ban.filter [9499]: INFO [recidive] Found 185.108.219.152
2016-11-04 19:25:20,994 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:23,999 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:26,003 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152

As you see, after the banning of the IP address it continues to appear in the log.
Pages are not cached.
I can't understand what you mean with "iptables -L" ?
 
Hi bulent,

I can't understand what you mean with "iptables -L" ?
The command should be used on your command line (as root). ;)

Consider using another log level for Fail2Ban to get more verbose output in the log (I would suggest "INFO", or even "DEBUG"):

=> /etc/fail2ban/fail2ban.conf
Code:
...
[Definition]

# Option: loglevel
# Notes.: Set the log level output.
#         CRITICAL
#         ERROR
#         WARNING
#         NOTICE
#         INFO
#         DEBUG
# Values: [ LEVEL ]  Default: ERROR
#
loglevel = DEBUG

...
 