• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

fail2ban - Unable to disable

hardbrasil

hardbrasil

Regular Pleskian
fail2ban - Unable to disable [Solved]

Hello fellas,

i setup and enable fail2ban by Plesk 12 (tools and settings)

what happens is, few days after i am unable to access this option again. I got time out

i'v tried to disable by ssh "fail2ban-client stop" and nothing...
the command become loading and never conclude,

-----
how to remove or stop fail2ban ?
 
Last edited:
Like the original poster, I have had unsatisfying results with Fail2Ban. I have it running on two other systems but they only have less than 50 domains. On the server with nearly 150 domains, I can no longer get the "home" page in the panel. Nor will the Fail2Ban page come up from the Tools & Setting menu. I've tried Igor's suggestion at the command line and it never comes back. This evening I noticed that the webstats haven't been processed since August 11th which just happens to be when I turned it on; and I have to wonder if that's somehow related. Before I just reboot the server, are there any other suggestions?
 
Last edited:
You might have forgotten to define some exclusions for fail2ban, for example 127.0.0.1 ( localhost ) and your server - IPs.
You can set it over Plesk ... or directly on your server in the "jail.local" configuration file located at /etc/fail2ban/*. The setting for some exclusions are defined as followed:
Code: 
ignoreip = 127.0.0.1/8 XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
...while XXX.XXX.XXX.XXX are your server - IPs or some additional IPs, which should be ignored by fail2ban, because you trust them.

The "stop" suggestion from IgorG will completly stop fail2ban. If you didn't configure automatic restarts for the fail2ban service, it will be stopped upon your next server restart. Optional you can try to restart the fail2ban service with "service fail2ban start" ( or "/etc/init.d/fail2ban start" ) and if you just want a restart of fail2ban then please use "service fail2ban restart" ( or "/etc/init.d/fail2ban restart" ).

To SacAutos:
Keep in mind, that fail2ban sets the iptable - rules based on your settings in your configured jails. The standard jail - rule is mostly the general bantime from the pre-configured jail.conf and is defined for 600 seconds. After this time fail2ban will delete the specific ban untill fail2ban identifies another IP defined by the jail - rules. You should always consider to configure the jail - rule "recidive" as well, because returning bad IPs should be banned for a longer period than 600 seconds. A well working "recidive" jail would look like this:
Code: 
[recidive]

enabled  = true
filter   = recidive
logpath  = /var/log/fail2ban.log
	/var/log/IF_YOU_HAVE_LOGROTATE_DEFINED_TO_ROTATE_FAIL2BAN-LOGS_YOU_CAN_ADD_ANOTHER_PATH_FOR_PREVIOUS_LOGS_HERE*
action   = iptables-allports[name=recidive]
bantime  = 604800  ; 1 week
findtime = 604800  ; 1 day
maxretry = 5

Sometimes it is a good idea to flush all iptables to get rid of bad entries, or entries which should have been removed by fail2ban, but just resist a delete request for what ever reason. The command for this option is "iptables -F" ( or iptables --flush ). Please restart fail2ban with "service fail2ban restart" ( or "/etc/init.d/fail2ban restart" ), because after flushing the whole iptables, the conditions for fail2ban need to be re-defined!

Even if you have 500-and more domains on your server, it doesn't mean that you have thousands of actual fail2ban - rule - breakers. ^^
 
IgorG said:
Just run

# /etc/init.d/fail2ban stop
Click to expand...

I am unable to stop with this command, become loading and nothing...

like SacAutos said i have the same issue. Blank page on home and time out if i try to access fail2ban

ps: i have 140 domains on this server
 
I wound up killing the process with a kill -KILL command as it would not go quietly into the dead of night. For now I have left it disabled so the automation can catch up. Like my other servers, I did nothing to configure it other than simply turn everything on. Frustrating...
 
Hi fellas,
here is the code to kill all fail2ban

ps -ef (to list all process)
ps -ef | grep fail2ban (to list all fail2ban process)

kill `ps ax|grep fail2ban|grep -v grep|awk '{print $1}'`
kill `ps ax|grep f2bmng|grep -v grep|awk '{print $1}'`
Click to expand...
 
You must log in or register to reply here.

Similar threads

T
Issue Unbanning some IP addresses causes the server to be unresponsive
Replies
4
Views
368
TurabG
T
H
Resolved Unable to Disable Node.js Application in Plesk – App Remains Accessible
Replies
1
Views
132
HawkSky
H
T
Question Where to add custom MariaDB variables to avoid them getting overwritten
Replies
4
Views
171
TurnRound
T
D
Sudden problem with themes
Replies
1
Views
5K
rohan3
R
michaeljoseph01
Question Imunify360 or fail2ban PLEASE give me your input
Replies
6
Views
3K
The 8th
The 8th
Back
Top