All Questions
83 questions
0
votes
0
answers
126
views
Fail2Ban: already banned
I recently set up a VPS on hetzner and tried to secure it with fail2ban and by changing the default ssh port.
Firstly, regardless of fail2ban, I'm confused as I set firewall settings in hetzner console ...
0
votes
0
answers
131
views
Configure fail2ban to parse multiple log lines, e.g. Postfix mail rejects
I want to block local authenticated mail users who generate spam, i.e. disable their SMTP access for a while as one of several countermeasures against hijacked accounts and malware.
To accomplish ...
1
vote
1
answer
4k
views
Issue with sshd logfile using fail2ban on minimal Ubuntu server 22.04
I am working on trying to get fail2ban set up and enabled for sshd on my VPS with Ionos. I am using a minimal Ubuntu 22.04 server install.
fail2ban has installed fine, but getting it to run seems a ...
0
votes
1
answer
139
views
fail2ban is working but not getting email to show that sshd-ddos is running
I have fail2ban running on my server and I have three programs running: sshd, sshd-ddos and runcloud-agent. There are no error messages but when I recently restarted my server, I got an email message ...
0
votes
1
answer
343
views
Using fail2ban to scan for SSH Accepted Connections and write the username to auth.log
I have a small server that authenticates users as root using their ssh-keys stored in authorized_keys file. I also run fail2ban.
I made a convention to have a nickname written after the public_key of ...
1
vote
1
answer
806
views
fail2ban doesn't work (Ubuntu/SSH)
I installed fail2ban and it doesn't work. I've been trying all day to configure jail.conf.
This is my jail.conf (yes, I changed the original one, my fault...)
enabled = true
port = ssh
filter = sshd
logpath =...
0
votes
1
answer
574
views
Blocking tor traffic with postfix or fail2ban on mailserver
I am running an Ubuntu 20.04 Lemp server, with postfix/dovecot. I have fail2ban set up so that if 2 unsuccessful login attempts to my email are made by the same ip address, fail2ban bans the ip's ...
1
vote
1
answer
4k
views
Fail2ban bantime.increment not working
I wanted to increase the bantime of repeat offenders getting caught by fail2ban. I added the following lines at the top of /etc/fail2ban/jail.local and fail2ban.local
[DEFAULTS]
bantime.increment = ...
0
votes
1
answer
778
views
Backtesting Historical Logs in fail2ban
Setup
I'm running apache on an ubuntu server. I've created a fail2ban rule which bans an ip when they request too many pages too fast.
# Fail2ban Rule
failregex = ^.*?(:80|:443) <HOST> - .* &...
0
votes
1
answer
5k
views
fail2ban fails to add iptables to rules
I'm having issues with fail2ban not adding the banned IP to iptables.
This is the error:
2022-01-29 15:13:48,499 fail2ban.actions [2608]: NOTICE [man] Restore Ban 212.192.246.26
2022-01-29 ...
2
votes
1
answer
771
views
Fail2ban partial IP match possible?
My server (Ubuntu 18.04) is getting a lot of spam requests on Postfix. Fail2ban is working but the spammers keep changing the last part of IP and not getting banned. For example,
2021-10-09 09:40:01,...
0
votes
1
answer
214
views
Fail2Ban banning addresses that SHOULD already be banned
I am running the default fail2ban ssh-auth rule to ban ips with 3 or more failed auth attempts in a window. However, I noticed a particular network being the source of a disproportionate amount of ...
2
votes
2
answers
4k
views
iptables block everything but http/https/ssh
I have this iptables configuration on my vps which is supposed to run Wordpress. What I want to do is block every incoming request except http on port 80, https on port 443 and ssh on port 22.
Chain ...
0
votes
0
answers
428
views
Fail2ban exited and didn't start back up
Today I faced what seemed like a DDoS attack. My server provider warned me about excessive CPU usage (400% for over 6 hours) and I couldn't access any website, could not login via SSH either. Lish ...
-1
votes
1
answer
289
views
Fail2Ban is not updating iptables rules
I have set up fail2ban to protect my ssh port using these rather old instructions: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04
I tested my set-up ...
0
votes
1
answer
926
views
Fail2ban banning odd IP address that are not in logs (0.0.0.4, 0.0.0.5, etc)
Server: Nginx
Fail2ban version: v0.9.3
It seems like no matter what I try, I cannot get fail2ban to find the correct host from the log entry consistently.
/etc/fail2ban/filter/expanse-bot.conf:
[...
0
votes
1
answer
206
views
Should I, and how should I defend against DOS SMTP attack
I was troubleshooting an outlook client trying to authenticate with the Mail server, and the client would time out (it was an issue with a local outlook installation & machine firewall)
To ...
0
votes
1
answer
261
views
Fail2ban does not perform regex on odoo log
I have installed fail2ban with odoo 13.
Below are my configuration and sample output, but I can't seem to figure out why it does not filter.
user@tempdev:/etc/fail2ban# fail2ban-regex -v /var/log/odoo/...
1
vote
1
answer
1k
views
iptables not blocking only IPv6 IP's on Ubuntu 20.04 with iptables-persistent, IPv4 OK
I have Ubuntu 20.04 VPS (LEMP) and installed iptables-persistent. In this server, I have installed fail2ban and configured with CloudFlare to ban fail2ban banned IP's. Also, I use the CSF. I use a ...
1
vote
1
answer
2k
views
Fail2ban not banning ip address
I installed fail2ban on an Ubuntu 20.04 server. I've followed some articles on how to configure it but it doesn't work. I've made 10 incorrect login attempts and still didn't get banned.
/etc/fail2ban/...
-1
votes
1
answer
29
views
Postfix - Can Send / Receive Locally - Send External - Not receive from external
I just finished configuring my own mail server using this guide:
LinuxBabe Guide
At the start all was working but now I cannot receive mail from external.
Here is my configuration file:
https://hatebin....
0
votes
1
answer
540
views
Fail2ban not finding or banning IPs
Fail2ban version v0.10.2
I have a simple jail that looks for a specific user agent.
[barkrowler]
enabled = true
filter = barkrowler
logpath = /var/log/apache2/proxy.mydomain.com.access.log
port = 80,...
4
votes
2
answers
8k
views
fail2ban not banning IPs on Ubuntu 20.04
Ubuntu 20.04. Trying to get fail2ban configured for SSH, but fail2ban not banning any IPs
/etc/fail2ban/jail.local
[DEFAULT]
bantime = 10m
ignoreip = 127.0.0.1/8 ##.##.##.##/32 ##.##.##.##/32
findtime ...
0
votes
1
answer
807
views
Fail2ban apache-noscript jail violation rules?
Which actions specifically are considered as violating apache noscript fail2ban module? I see that it correctly banned the ip that was looking for strange urls like "/admin" "/login&...
1
vote
0
answers
580
views
Do we need Fail2ban for VPN server?
We are using Ubuntu 20.04 LTS vps and running OpenVPN on it. We use certificate key to login to SSHD and the vps is not using any other program (e.g. webserver etc).
Would you recommend installing and ...
1
vote
0
answers
610
views
Fail2ban unbans before restart and then rebans after restart, even though dbfile is set
I am new to running a web server. I have fail2ban version 0.9.3 on Ubuntu 16.04.6 LTS. I am pretty sure I have the latest version of fail2ban and just today updated all packages with apt.
Whenever I ...
3
votes
1
answer
794
views
fail2ban not banning on Ubuntu 19.04
I configured a jail for a PHP application login page, but failed login attempts:
stephane@example:~$ tail -400f /home/stephane/dev/docker/projects/common/volumes/logs/php_error_log
[15-Oct-2019 12:15:...
3
votes
1
answer
3k
views
ufw enable is not working, and it crashes my OS
Where the problems started:
First I tried to install fail2ban from the ISPmanager UI, the fail2ban was installed but I got an error related to the package coremanager-pkg-fail2ban, and the fail2ban ...
0
votes
1
answer
265
views
fail2ban filter matches no lines for xmlrpc attack
I'm trying to jail hosts that brute-force attack a web server, thereby creating (hundreds of) lines in /var/log/apache2/error.log of the form
[Fri Feb 01 11:17:56.158739 2019] [:error] [pid 15870] [...
5
votes
3
answers
10k
views
What is a good way to detect DoS and DDoS in Fail2Ban?
I am configuring Fail2Ban on my Ubuntu web server to prevent it from being a victim of DoS / DDoS. I don't want to use Cloudflare because I have to route my DNS over and use their SSL cert.
...
11
votes
3
answers
13k
views
How to block IPs that cause excessive 404 errors with Fail2ban?
I have installed Fail2Ban v0.10.2 on Ubuntu 18.04 with Apache 2.4.29 and enabled the standard ssh and apache jails for basic protection with email notification warnings, when an IP is blocked.
Having ...
1
vote
1
answer
3k
views
Using fail2ban to block mysql on localhost
I have fail2ban working on my server and it does ban SSH but I'm having problems banning users trying to access MariaDB using MySQL. I'm also using Adminer which is the main reason why I'm trying to ...
2
votes
3
answers
9k
views
fail2ban does not seem to ban an IP after repeated failed ssh login attempts
I'm trying to figure out why Fail2Ban doesn't seem to be doing anything on my server.
This is an Ubuntu 14.04 server:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
...
1
vote
1
answer
322
views
Jail errors & won't start
I've created a jail and action in an attempt to catch "DDoS attacks", however the log files show errors for this jail whenever I restart Fail2Ban. The jail & filter seem fairly straightforward, ...
2
votes
1
answer
1k
views
fail2ban appends to chain after installing iptables-persistent
I've used fail2ban a while now. Today I wanted to learn more about iptables and found iptables-persistent.
After installing, saving and cleaning up the iptables rules in /etc/iptables/rules.v4 it looks ...
-1
votes
1
answer
3k
views
Attempting to send mail with sendmail on ubuntu 17.04?
I first installed sendmail on ubuntu 17.04 by running sudo apt-get install sendmail and then I made sure that the hostname of my machine was added to /etc/hosts/ right after localhost like this:
...
0
votes
0
answers
40
views
Iptables DROPs packet but I can still browse site
I have setup fail2ban behind an ELB following this post, everything seems to work and I get this:
root@ip-10-164-24-152:/home/ubuntu# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N ...
9
votes
1
answer
10k
views
Why is fail2ban finding but not banning
I noticed something strange on my Ubuntu Xenial server.
It has SSH on the default port and it has fail2ban.
Fail2ban is detecting brute force attempts on the server and are logged accordingly:
2017-...
0
votes
1
answer
886
views
Fail2Ban not rejecting banned IP?
I've got a new Ubuntu Server setup with OpenSSH access (on a custom port) and a Fail2Ban installation.
Fail2Ban seems to be correctly banning IPs and adding them to the iptables, however once banned ...
4
votes
4
answers
38k
views
IPTABLES: Another app is currently holding the xtables lock
I manage an Ubuntu server (14.04) with ispconfig 3 installed on it. The server is being used for mail, web and data. The sysadmin before me had fail2ban and ufw enabled but we have been experiencing ...
1
vote
1
answer
1k
views
fail2ban restarts immediately after stopping
It seems like fail2ban is restarted immediately after calling fail2ban-client stop. Here's a part of the log file
2016-08-29 22:51:42,164 fail2ban.jail [2886]: INFO Jail 'apache-...
0
votes
1
answer
2k
views
Too many emails from fail2ban
I set up fail2ban on my Ubuntu server and specified an email address for notifications. I only want to be informed when a host is banned, but currently I get way too many emails with messages like
...
0
votes
0
answers
84
views
Optimizing log file size on Ubuntu VM
This is a fact-finding question. I'm implementing fail2ban to keep some unscrupulous elements out of my Django website's experience. Note that my webserver is nginx (reverse proxy) with gunicorn as ...
0
votes
0
answers
1k
views
fail2ban doesn't read log if file being used
My environment is Ubuntu 14.04, LAMP stack all from apt.
Implemented fail2ban and configured jail.local with
backend = auto
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
...
2
votes
2
answers
827
views
Fail2Ban regex is wrong?
I'm currently setting up a filter to filter POST attacks on a file named xmlrpc.php. Requests that should be monitored in the log access look like:
1.99.437.201 - - [01/Feb/2016:01:57:14 +0000] "POST ...
0
votes
1
answer
2k
views
why fail2ban does not ban? (ubuntu, ssh)
I installed a fresh Ubuntu machine. Then I changed the ssh port which is no more 22 but 22111:
Then I have installed fail2ban:
apt-get install fail2ban -y
cp /etc/fail2ban/jail.conf /etc/fail2ban/...
4
votes
2
answers
6k
views
How do I specify multiple logfiles for a jail in fail2ban?
Heyo,
I'm using Ubuntu 15.10 and fail2ban 0.9.3. Apache is set up with a bunch of Apache virtualhosts.
I have my Apache2 logfiles located in subdirectories, one per localhost, e.g. '/var/log/apache2/...
0
votes
2
answers
627
views
Fail2ban not banning after update to latest version
I was running fail2ban 0.8.11 which is the version installed on Ubuntu 14.04 with apt-get. I downloaded and installed the latest source, 0.93.
When I start it up, I get two error messages.
WARNING ...
1
vote
1
answer
2k
views
Fail2Ban plug-in is enabled in Munin but the graph images are broken. How to fix?
I recently installed Fail2Ban on an Ubuntu 12.04.5 server and it’s working great. Now I want to set up Munin so it can monitor it and generate graphs/reports. I found that Munin has a built-in Fail2Ban ...
2
votes
2
answers
4k
views
How can I upgrade Fail2Ban in Ubuntu 12.04.5 LTS to get the “recidive” filter installed?
Basic question.
How can I install an upgraded version of Fail2Ban on my Ubuntu 12.04.5 LTS (Precise Pangolin) so I can have a recidive filter set. Ubuntu 12.04.5 LTS installs Fail2Ban 0.8.6 and I ...