
Issue Fail2Ban is not banning

bulent

Regular Pleskian
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
CentOS Linux 7.2.1511 (Core), Version 17.0.17 Update #5

PROBLEM DESCRIPTION
The IP address is in the Fail2Ban ban list, but the page is still accessible from that IP address.

STEPS TO REPRODUCE
Fail2Ban with active rules. Using the Opera browser with an active VPN (my IP is whitelisted, so I use a VPN).
After 5 false WordPress login attempts, the IP address is in the banned list but the site is still accessible.

ACTUAL RESULT
site is not banned

EXPECTED RESULT
site to be banned for 1400 seconds

ANY ADDITIONAL INFORMATION
 
Hi bulent,

Can you confirm the corresponding log entries from your Fail2Ban log for a successful ban, and can you also confirm that the corresponding IP (or its FQDN) is listed when you use "iptables -L"?

Are you sure that you aren't seeing cached pages from your browser (stored locally on the computer where you used the browser) after the IP has been banned?
 
Hi @UFHH01

I have something like this in my Fail2Ban log

2016-11-04 19:24:57,956 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:13,977 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:15,980 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:15,980 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:17,983 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:18,246 fail2ban.actions [9499]: NOTICE [plesk-wordpress] Ban 185.108.219.152
2016-11-04 19:25:19,679 fail2ban.filter [9499]: INFO [recidive] Found 185.108.219.152
2016-11-04 19:25:20,994 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:23,999 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:26,003 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152

As you see, after the banning of the IP address it continues to appear in the log.
Pages are not cached.
I can't understand what you mean with "iptables -L"?
 
Hi bulent,

I can't understand what you mean with "iptables -L" ?
The command should be used on your command line (as root). ;)

Consider using another log level for Fail2Ban to get more verbose output in the log (I would suggest "INFO", or even "DEBUG"):

=> /etc/fail2ban/fail2ban.conf
Code:
...
[Definition]

# Option: loglevel
# Notes.: Set the log level output.
#         CRITICAL
#         ERROR
#         WARNING
#         NOTICE
#         INFO
#         DEBUG
# Values: [ LEVEL ]  Default: ERROR
#
loglevel = DEBUG

...
 