
Question Fail2Ban lock real users (repeated)

markusoswald

New Pleskian
Hi there,

I have one question.
I have a user who is always banned by Fail2Ban from Plesk. I have to unlock the IP manually every time. Can someone tell me how this could happen?

Attached a screenshot from my Analytics. This is the user who is locked permanently.

His IP is changing every 24 hours, so I'm looking for a solution...

Best regards!
 

Hi markusoswald,

Please have a look at your screenshot yourself and please describe what sort of investigations could be done with the help of this screenshot? :confused:

Investigations are not done with screenshots. Investigations should be done with the help of configuration files and log file entries. We really can't guess why a user gets banned by Fail2Ban on your server, nor do we know what sort of Fail2Ban jails/filters you use.
To investigate issues with Fail2Ban you should at least post the corresponding apache/nginx log entries of your domain/subdomain (or the corresponding log file entries from the log which is defined in the corresponding Fail2Ban jail) and the corresponding Fail2Ban log entries.

Please REDUCE the complete log files to issues related to the banned IP, so that people willing to help you don't have to do the whole investigation work all by themselves while you just upload possibly huge log files. ;)
 
In the Fail2Ban extension, see which jail has blocked the user.

If it is one of the mail jails: The user is using wrong login credentials on at least one device, e.g. his phone, his PC, a second computer ...
This is by far the most frequent reason for real-user lockouts.
Solution: Check all devices for wrong access credentials in mail client software.

If it is the WordPress jail: The user is frequently using the same functions while updating his WordPress website.
Solution: There is none, unfortunately. You can try to raise the number of failures that trigger a jail to lock out a user, but this also lowers security against real DoS and brute force attacks.
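
The two replies above ask for the Fail2Ban log reduced to the banned address and for the jail that issued the ban. The following is an added example, not code from the thread or from Plesk: it does both for a list of IPs or CIDR ranges, since the user's address changes daily. The helper name `reduce_log`, the jail names and the documentation-range addresses in the sample are assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in fail2ban.log format; jail names and the
# documentation-range addresses are assumptions, not data from the thread.
SAMPLE_LOG = """\
2024-05-01 08:00:01,100 fail2ban.filter         [811]: INFO    [plesk-dovecot] Found 203.0.113.7 - 2024-05-01 08:00:01
2024-05-01 08:00:31,412 fail2ban.filter         [811]: INFO    [plesk-dovecot] Found 203.0.113.7 - 2024-05-01 08:00:31
2024-05-01 08:01:02,007 fail2ban.filter         [811]: INFO    [ssh] Found 198.51.100.9 - 2024-05-01 08:01:02
2024-05-01 08:01:03,950 fail2ban.actions        [811]: NOTICE  [plesk-dovecot] Ban 203.0.113.7
2024-05-01 08:11:03,990 fail2ban.actions        [811]: NOTICE  [plesk-dovecot] Unban 203.0.113.7
2024-05-02 08:02:10,220 fail2ban.filter         [811]: INFO    [plesk-dovecot] Found 203.0.113.42 - 2024-05-02 08:02:10
2024-05-02 08:02:45,001 fail2ban.actions        [811]: NOTICE  [plesk-dovecot] Ban 203.0.113.42
2024-05-02 09:00:00,000 fail2ban.actions        [811]: NOTICE  [ssh] Ban 198.51.100.9
"""

# Fields: date, time, component, [pid]:, level, [jail], event, address
LINE_RE = re.compile(
    r"^\S+ \S+\s+fail2ban\.\w+\s+\[\d+\]:\s+\w+\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?:Restore )?(?P<event>Found|Ban|Unban)\s+(?P<ip>\S+)"
)


def reduce_log(log_text, targets):
    """Return (matching_lines, {jail: Counter(event)}) for addresses in
    `targets`, which may be single IPs or CIDR ranges (hypothetical helper)."""
    nets = [ipaddress.ip_network(t, strict=False) for t in targets]
    lines, per_jail = [], defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # not an address, e.g. a hostname
        if any(ip in net for net in nets):
            lines.append(line)
            per_jail[m["jail"]][m["event"]] += 1
    return lines, dict(per_jail)


if __name__ == "__main__":
    # The user's address changes daily, so match the provider range.
    matched, summary = reduce_log(SAMPLE_LOG, ["203.0.113.0/24"])
    for jail, events in summary.items():
        print(jail, dict(events))
    print("\n".join(matched))
```

The per-jail counts show which jail to look at, and the matched lines are the reduced excerpt to post together with the entries from the log file that jail monitors.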
 