
Issue Fail2Ban is not banning

bulent

Regular Pleskian
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
CentOS Linux 7.2.1511 (Core), Version 17.0.17 Update #5

PROBLEM DESCRIPTION
The IP address is in the Fail2Ban ban list, but the page is still accessible from that IP address.

STEPS TO REPRODUCE
Fail2Ban with active rules. Using the Opera browser with an active VPN (my IP is whitelisted, so I use a VPN).
After 5 false WordPress login attempts, the IP address is in the banned list but the site is still accessible.

ACTUAL RESULT
site is not banned

EXPECTED RESULT
site to be banned for 1400 seconds

ANY ADDITIONAL INFORMATION
 
Hi bulent,

Can you confirm the corresponding log entries from your Fail2Ban log for a successful ban, and can you confirm as well that the corresponding IP (or its FQDN) is listed when you use "iptables -L"?

Are you sure that you don't see cached pages from your browser (locally stored on the computer where you used the browser) after the IP has been banned?
 
Hi @UFHH01

I have something like this in my Fail2Ban log

2016-11-04 19:24:57,956 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:13,977 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:15,980 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:15,980 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:17,983 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:18,246 fail2ban.actions [9499]: NOTICE [plesk-wordpress] Ban 185.108.219.152
2016-11-04 19:25:19,679 fail2ban.filter [9499]: INFO [recidive] Found 185.108.219.152
2016-11-04 19:25:20,994 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:23,999 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:26,003 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152

As you see, after the banning of the IP address it continues to appear in the log.
Pages are not cached.
I can't understand what you mean with "iptables -L"?
 
Hi bulent,

I can't understand what you mean with "iptables -L" ?
The command should be used on your command line (as root). ;)

Consider using another log level for Fail2Ban to get more verbose output in the log (I would suggest "INFO", or even "DEBUG"):

=> /etc/fail2ban/fail2ban.conf
Code:
...
[Definition]

# Option: loglevel
# Notes.: Set the log level output.
#         CRITICAL
#         ERROR
#         WARNING
#         NOTICE
#         INFO
#         DEBUG
# Values: [ LEVEL ]  Default: ERROR
#
loglevel = DEBUG

...
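
The log excerpt posted earlier in this thread shows `Found` lines for the same address continuing after its `Ban` line. As an added example (not part of the original thread and not Plesk or Fail2Ban code), this Python sketch scans a Fail2Ban log for that pattern per jail; the function name `hits_after_ban` and the `grace_seconds` parameter are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Matches the fail2ban.log line layout shown in this thread.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"fail2ban\.\w+\s+\[\d+\]: \w+\s+"
    r"\[(?P<jail>[^\]]+)\] (?P<event>Found|Ban|Unban) (?P<ip>\S+)"
)

# Sample input: lines taken from the excerpt posted in this thread.
SAMPLE_LOG = """\
2016-11-04 19:25:15,980 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:17,983 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:18,246 fail2ban.actions [9499]: NOTICE [plesk-wordpress] Ban 185.108.219.152
2016-11-04 19:25:19,679 fail2ban.filter [9499]: INFO [recidive] Found 185.108.219.152
2016-11-04 19:25:20,994 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:23,999 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
2016-11-04 19:25:26,003 fail2ban.filter [9499]: INFO [plesk-wordpress] Found 185.108.219.152
"""

def hits_after_ban(log_text, grace_seconds=0.0):
    """Return {(jail, ip): [timestamps]} for 'Found' events logged while
    that ip is banned in the same jail. grace_seconds (an assumption)
    ignores hits logged within that many seconds of the ban."""
    active = {}  # (jail, ip) -> time the ban was logged
    leaks = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        key = (m["jail"], m["ip"])
        if m["event"] == "Ban":
            active[key] = when
        elif m["event"] == "Unban":
            active.pop(key, None)
        # Keyed per jail: the [recidive] 'Found' comes from that jail reading
        # the Ban line in fail2ban.log, not from a new request to the site.
        elif key in active and when - active[key] > timedelta(seconds=grace_seconds):
            leaks.setdefault(key, []).append(m["ts"])
    return leaks

if __name__ == "__main__":
    for (jail, ip), stamps in hits_after_ban(SAMPLE_LOG).items():
        print(f"[{jail}] {ip}: {len(stamps)} hit(s) after ban, first at {stamps[0]}")
```

A non-empty result means the jail's filter still sees requests from an address it has already banned, which is the case to compare against the "iptables -L" output asked for above.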
 