Questions tagged [Fail2ban] (43)

0
answer

Not added the ip in the fail2ban filter rules. What are you doing wrong?

in filter.d/asterisk.conf file there are these variations Trying to put 'SIP\/2.0 401' onto UDP socket destined for <HOST>:.* Trying to put 'SIP/2.0 401' onto UDP socket destined for <HOST>:.* DEBUG.* .*: Trying to put 'SIP\/2.0 401' onto UDP socket destined for <HOST>:.*$ DEBUG.* .*: Trying to put 'SIP/2....
barton asked April 8th 20 at 02:07
1
answer

Is it possible to run fail2ban on multiple servers with a common base?

Is it possible to run fail2ban on multiple servers with a common base the ban and after the restart was picked up by the existing ban list.
everett_Ward asked April 7th 20 at 10:57
2
answers

How to make fail2ban during the ban to execute a bash script?

I have a jail.local, after three unsuccessful attempts to log into the web interface phpmyadmin is blocked access to the server: [phpmyadmin] enabled = true maxretry = 3 port = http,https filter = phpmyadmin logpath = /var/log/apache2/phpmyadmin/access.log action = iptables-multiport[name=phpmyadmin, port="http,https", prot...
Rogelio.Shiel asked April 7th 20 at 09:01
1
answer

Why fail2ban is blocking smtp and imap?

vesta cp / centos 6 When connecting to smtp or imap gives an error Connection failed to domain.ru port: Connection refused ip and domain are on a local network server if you disable fail2ban in vesta panel, then connections are correct. Can ka who is in the white lists is to make these domains?
mark_Altenwerth asked April 4th 20 at 12:36
1
answer

Does not block user. Fail2Ban. How to fix?

Good afternoon. The bottom line is : There is a mail server FreeBSD nearly every 3 seconds knocks IPS. /var/log/exim/mainlogdovecot_login authenticator failed for ([xx.xx.xxx.xx]) [xx.xx.xxx.xx] I=[xxx.xxx.xx.xxx]:25: 535 Incorrect authentication data Does not fulfill dovecot: /etc/fail2ban/filter.d/dovecot.conf_auth_worke...
cameron_Crist asked April 3rd 20 at 23:39
3
answers

What's wrong with the config?

Tweaked the config file, finally got a 6-7 fold increase of banned IP it is not correct the program works, or really so many bots?[sshd] enabled = true bantime = 86400 findtime = 650 maxretry = 3spoiler~ # fail2ban-client status sshd Status for the jail: sshd |- Filter | |- Currently failed: 4 | |- Total failed: 78 | `- Fil...
kathryn asked April 3rd 20 at 17:32
5
answers

Why this hell my cozy little server?

They say happiness is in ignorance, the way it was before I configured fail2ban and was horrified and it's starting in the morning why are they so desperately trying to access my server? and how in this limit while retaining the convenience of login/password?
casimer_Spinka asked March 31st 20 at 20:54
0
answer

Fail2ban and iptables (ufw) how to combine?

Hi all! Wanted to ask a question of people's minds - how has the meaning set fail2ban together with iptables if firewall still sewn only certain IP addresses to access SSH on the server? Wouldn't you be some overhead to protect the server?
Stevie_Bayer asked March 31st 20 at 14:49
1
answer

Fail2ban How to set regex expression?

fail2ban-server-V Fail2Ban v0.9.7 There is a need to restrict access to port 873 on the server, sketched config: fail2ban/jail.d/rsyncd.conf[rsyncd] enabled = true port = 873 filter = rsyncd logpath = /var/log/rsyncd.log maxretry = 3 findtime = 600 bantime = 3600 fail2ban/filter.d/rsyncd.conf[Definition] failregex = \auth f...
Melyssa_Roob asked March 31st 20 at 14:45
0
answer

How do they fit?

All good. There is a mail server where you installed fail2ban and now he throws the addresses in the ban, but I can not understand where are they. I closed the passage icmp inbound on the router, can anyone have the desire to explain, where are they and how to close such rudeness, as my address sometimes also appears in t...
Jessika asked March 31st 20 at 14:04