• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Fail2Ban recidive: how it work ?

OverWolf

Regular Pleskian
Hi,

I'm on CentOS 7.3 with Plesk 17.5.3 and I'm configuring fail2ban (0.9.6) recidive to ban for 24 hours an ip. But if you look at the print-screen seems that it doesn't work as I expect.
When an IP is found for a specific jail it's banned for the period that I have configured for that event (my postfix example is banned for 2 hours) even if that IP is found as recidive.
So, what's wrong ? Am I missing something ?

Thank you
 

Attachments

  • Fail2Ban.png
    Fail2Ban.png
    40.4 KB · Views: 67
Hi,
i've done other tests, and probably I found the error; I've changed the interval for detection of subsequent attacks and now seems that recidive works as expected.
So, I would like to know if I understand how it works: after the max numbers of failed login attempts (ssh, ftp, postfix, etc.), the ip is ban as recidive. If it so, why the default interval of detection is so sort ?
 
The recidive jail analyzes the fail2ban.log file. It does not directly analyze the postfix (maillog) log. Recidive counts the number of bans in the fail2ban.log.
 
You can define the duration of bans using the "bantime" directive in the according recidive section of /etc/fail2ban/jail.local. You can also exclude your own IP from tests by adding it to the "ignoreip" directive.
 
Back
Top