Questions tagged [Fail2ban] (43)

in filter.d/asterisk.conf file there are these variations Trying to put 'SIP\/2.0 401' onto UDP socket destined for <HOST>:.* Trying to put 'SIP/2.0 401' onto UDP socket destined for <HOST>:.* DEBUG.* .*: Trying to put 'SIP\/2.0 401' onto UDP socket destined for <HOST>:.*$ DEBUG.* .*: Trying to put 'SIP/2....

Is it possible to run fail2ban on multiple servers with a common base the ban and after the restart was picked up by the existing ban list.

I have a jail.local, after three unsuccessful attempts to log into the web interface phpmyadmin is blocked access to the server: [phpmyadmin] enabled = true maxretry = 3 port = http,https filter = phpmyadmin logpath = /var/log/apache2/phpmyadmin/access.log action = iptables-multiport[name=phpmyadmin, port="http,https", prot...

vesta cp / centos 6 When connecting to smtp or imap gives an error Connection failed to domain.ru port: Connection refused ip and domain are on a local network server if you disable fail2ban in vesta panel, then connections are correct. Can ka who is in the white lists is to make these domains?

Good afternoon. The bottom line is : There is a mail server FreeBSD nearly every 3 seconds knocks IPS. /var/log/exim/mainlogdovecot_login authenticator failed for ([xx.xx.xxx.xx]) [xx.xx.xxx.xx] I=[xxx.xxx.xx.xxx]:25: 535 Incorrect authentication data Does not fulfill dovecot: /etc/fail2ban/filter.d/dovecot.conf_auth_worke...

Tweaked the config file, finally got a 6-7 fold increase of banned IP it is not correct the program works, or really so many bots?[sshd] enabled = true bantime = 86400 findtime = 650 maxretry = 3spoiler~ # fail2ban-client status sshd Status for the jail: sshd |- Filter | |- Currently failed: 4 | |- Total failed: 78 | `- Fil...

They say happiness is in ignorance, the way it was before I configured fail2ban and was horrified and it's starting in the morning why are they so desperately trying to access my server? and how in this limit while retaining the convenience of login/password?

Hi all! Wanted to ask a question of people's minds - how has the meaning set fail2ban together with iptables if firewall still sewn only certain IP addresses to access SSH on the server? Wouldn't you be some overhead to protect the server?

fail2ban-server-V Fail2Ban v0.9.7 There is a need to restrict access to port 873 on the server, sketched config: fail2ban/jail.d/rsyncd.conf[rsyncd] enabled = true port = 873 filter = rsyncd logpath = /var/log/rsyncd.log maxretry = 3 findtime = 600 bantime = 3600 fail2ban/filter.d/rsyncd.conf[Definition] failregex = \auth f...

All good. There is a mail server where you installed fail2ban and now he throws the addresses in the ban, but I can not understand where are they. I closed the passage icmp inbound on the router, can anyone have the desire to explain, where are they and how to close such rudeness, as my address sometimes also appears in t...