Questions tagged [fail2ban]

Fail2Ban scans log files and bans IP addresses conducting too many failed login attempts.

63 questions
24
votes
1 answer

What is 'Found' in Fail2Ban Log File?

I have multiple instances like the following in /var/log/fail2ban.log: 2015-12-27 14:31:21,949 fail2ban.filter [1020]: INFO [sshd] Found ###.###.###.### (Where # substitutes for a diversity of IP addresses.) What exactly is the meaning…
nmax
  • 361
8
votes
1 answer

fail2ban ban multiply recidive hosts

We are using fail2ban on our web-facing servers to block IP addresses that repeatedly fail to authenticate properly. Our normal bantime hereby is one hour; IPs that have already been banned multiple times are blocked for a day using the recidive…
TheWolf
  • 181
6
votes
1 answer

Trying to understand if fail2ban is working on Debian 10 VPS

I have a Debian 10 server running on a VPS. The only software I installed is: tinyproxy (http proxy) and fail2ban. I have included the results of a port scan using ss. I have included my specific settings in the fail2ban jail.local file. I have…
xstack
  • 173
3
votes
1 answer

fail2ban permanent ban: resource considerations / limits?

I recently installed fail2ban on a VPS ( Ubuntu 20.04 ), with a very simple configuration to disperse ssh brute-force attackers. I am using fail2ban with ufw ( banaction = ufw ) and I decided to ban them permanently ( bantime = -1 ). This works…
darbehdar
  • 230
3
votes
2 answers

How to get list banned ip and its unban time in fail2ban on Linux?

How to see a list of banned IP addresses and get their unban times? I know two methods to get the list of banned IP addresses. Via fail2ban client: sudo fail2ban-client status Via iptables: sudo iptables --list --line-numbers --numeric But both…
deSoul
  • 31
3
votes
1 answer

safe fail2ban regex for postfix warning about hostname

I have a very low volume postfix install on my mail server. In fact, I am the only person receiving mails from it, albeit from a few different domains and mailboxes. Yesterday alone there were 811 warnings (52 unique host/IP) following this…
Tiksi
  • 141
3
votes
0 answers

What docker stack layout for nginx, ufw, fail2ban, and private services

I have an unraid server running some dockerized services (eg emby & seafile) that offer web interfaces which now need to be opened up in order to be accessible from outside the LAN. Never opened any services to the world and am now having troubles…
laur
  • 238
  • 1
  • 2
  • 17
3
votes
3 answers

Power machine off after failed login attempts from physical access

I would like to know if there are any common techniques of powering your computer off after a number of failed login attempts from the machine locally (from the terminal login, or from lightdm for example). For SSH or any remote login, I would just…
2
votes
2 answers

IPs not blocking with iptables/fail2ban "already banned" messages

I am using old iptables v1.4.7 in conjunction with fail2ban. I am however seeing "already banned" messages in the logs and can't figure out why they still reach my server and are not being blocked by the f2b-ASTERISK section as below. Do you see any…
Questionz
  • 23
  • 2
2
votes
1 answer

Fail2ban - Failed during configuration: File contains no section headers

I'm working on setting up Fail2ban for my linux (debian) server. When I check the status of the fail2ban service I am getting this error: ● fail2ban.service - Fail2Ban Service Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor…
x43
  • 123
  • 1
  • 4
2
votes
1 answer

fail2ban 404 bruteforcing sharex

I use my own server (nginx, I use https://yunohost.org as a CP) as a screenshot uploader with ShareX (https://getsharex.com/). During the upload process of the screenshots the filenames are randomized. The problem: Recently many people have been…
KNIF
  • 23
2
votes
1 answer

fail2ban not catching SMTP password brute force attack

Spammers are running brute force password guessing attacks on my server (postfix on Debian). They have already guessed two users' passwords and started sending spam using my server. Passwords changed and attacks mitigated (for now), but I want to…
Shachar Shemesh
  • 245
  • 3
  • 13
2
votes
1 answer

fail2ban has maxretry of 3 but I see authentication failures repeated 5 times

I am running Ubuntu 16.04 with ssh enabled through ufw and have configured fail2ban to enable the [sshd] and [sshd-ddos] jails with a maxretry of 3 (i.e. I want to ban any ips that fail to authenticate 3 times). When I look at the auth log I see a…
2
votes
1 answer

Fail2ban-regex isn't working

I am trying to check the config on one of my filter jails but every time I run fail2ban-regex /path/to/log.log /path/to/filter.conf I get the following error: Traceback (most recent call last): File "/usr/lib/python2.7/site.py", line 68, in…
2
votes
1 answer

Can't SSH into server, not responding

Short intro: I have 2 servers. Home server and in remote location Raspberry Pi. Both are running ssh, postfix (rpi as backup), bind (home server for lan only), squid3, fail2ban and other (possibly not so important). Both are behind routers with…
Karls
  • 51