Question: What to do against high-frequency attackers

DieterWerner

Regular Pleskian
Either fail2ban or log to secure is too slow in order to prevent this (example):
2022-01-31 14:14:01,768 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,770 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,771 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,771 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,772 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,772 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,772 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,773 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,774 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,774 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,775 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,775 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,778 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,778 fail2ban.actions [11696]: NOTICE [plesk-postfix] Ban 193.56.29.154
2022-01-31 14:14:01,782 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,797 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,800 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,802 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,802 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,803 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,804 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,805 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,805 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01

So I wonder what could help.
 
Those connection attempts all occurred within 100ms. And fail2ban banned the IP within 10ms, so it was working just fine. It takes some milliseconds for the ban to become active and for Postfix to log and process the failed login attempts that were made before the ban. So what you're seeing is expected behaviour.

You can check your banned IPs with iptables -nvL, there you will see that the IP is listed and the dropped packet counter is increasing.
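
The timing argument in the reply above can be checked against fail2ban.log directly: for each ban, measure how long detection took and how long "Found" entries kept arriving afterwards. This Python script is an added example, not part of the original thread or of fail2ban; the function name, the `grace_ms` tolerance and the sample lines (documentation IPs) are assumptions.

```python
import re
from datetime import datetime, timedelta

# fail2ban.log lines in the layout shown in the question above.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3})\s+fail2ban\.\w+\s+\[\d+\]:\s+\w+\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?P<event>Found|Ban|Unban)\s+(?P<ip>\S+)")

# Constructed sample (documentation IPs), not real log data.
SAMPLE = """\
2022-01-31 14:14:01,768 fail2ban.filter [11696]: INFO [plesk-postfix] Found 192.0.2.10 - 2022-01-31 14:14:01
2022-01-31 14:14:01,775 fail2ban.filter [11696]: INFO [plesk-postfix] Found 192.0.2.10 - 2022-01-31 14:14:01
2022-01-31 14:14:01,778 fail2ban.actions [11696]: NOTICE [plesk-postfix] Ban 192.0.2.10
2022-01-31 14:14:01,782 fail2ban.filter [11696]: INFO [plesk-postfix] Found 192.0.2.10 - 2022-01-31 14:14:01
2022-01-31 14:14:01,805 fail2ban.filter [11696]: INFO [plesk-postfix] Found 192.0.2.10 - 2022-01-31 14:14:01
2022-01-31 14:20:00,000 fail2ban.filter [11696]: INFO [plesk-postfix] Found 198.51.100.7 - 2022-01-31 14:20:00
2022-01-31 14:20:00,500 fail2ban.actions [11696]: NOTICE [plesk-postfix] Ban 198.51.100.7
2022-01-31 14:20:09,500 fail2ban.filter [11696]: INFO [plesk-postfix] Found 198.51.100.7 - 2022-01-31 14:20:09
"""

def ban_race_report(text, grace_ms=1000):
    """Per ban: ms from first Found to Ban, and Found entries logged after it."""
    open_recs, done = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        key = (m["jail"], m["ip"])
        if m["event"] == "Unban":  # ban is over: close the record for this IP
            done.extend(filter(None, [open_recs.pop(key, None)]))
            continue
        rec = open_recs.setdefault(key, {"jail": key[0], "ip": key[1], "first": ts,
                                         "ban": None, "before": 0, "after": 0, "tail_ms": 0})
        if m["event"] == "Ban":
            rec["ban"] = rec["ban"] or ts
        elif rec["ban"] is None:
            rec["before"] += 1
        else:  # Found logged after the Ban: in flight, or the ban is not effective
            rec["after"] += 1
            rec["tail_ms"] = (ts - rec["ban"]) // timedelta(milliseconds=1)
    recs = [r for r in done + list(open_recs.values()) if r["ban"]]
    for r in recs:
        r["ms_to_ban"] = (r["ban"] - r["first"]) // timedelta(milliseconds=1)
        r["verdict"] = "in-flight" if r["tail_ms"] <= grace_ms else "check-firewall"
    return recs

if __name__ == "__main__":
    print(ban_race_report(SAMPLE))
```

A "check-firewall" verdict means attempts were still being logged well after the ban, which is the case where the iptables counters mentioned above are worth inspecting.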
 