HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (
-   ISPConfig 3 Priority Support (
-   -   Fail2Ban repeating ban/unban warnings (

Fluotonic 9th May 2013 16:44

Fail2Ban repeating ban/unban warnings
Hi guys,

I just noticed something streange and I'm a bit worried about it. Please look at this in my fail2ban.log :


2013-05-08 17:28:45,062 fail2ban.actions: WARNING [pureftpd] Ban
2013-05-08 17:38:45,709 fail2ban.actions: WARNING [pureftpd] Unban
2013-05-08 17:41:18,875 fail2ban.actions: WARNING [pureftpd] Ban
2013-05-08 17:51:19,518 fail2ban.actions: WARNING [pureftpd] Unban
2013-05-08 17:56:18,838 fail2ban.actions: WARNING [pureftpd] Ban
2013-05-08 18:06:19,482 fail2ban.actions: WARNING [pureftpd] Unban
2013-05-08 20:59:34,496 fail2ban.actions: WARNING [pureftpd] Ban
2013-05-08 21:09:35,142 fail2ban.actions: WARNING [pureftpd] Unban
2013-05-08 21:13:36,405 fail2ban.actions: WARNING [pureftpd] Ban
2013-05-08 21:23:37,049 fail2ban.actions: WARNING [pureftpd] Unban
2013-05-08 21:56:55,182 fail2ban.actions: WARNING [pureftpd] Ban
2013-05-08 22:06:55,828 fail2ban.actions: WARNING [pureftpd] Unban

This is a chinese IP and it looks like an attempt to enter my server, isn't it? Do I have to worry about this?


darinpeterson 9th May 2013 17:29

I'm no expert, but it looks like you're server is being attacked by an automated script from that IP address. The script is trying to ftp into your server.

Does the sequence continue on, or has it stopped?

Fluotonic 9th May 2013 17:36

Hi Darin,

Yes it stopped. I would like to ban this IP though, just in case. How can I do that in ISPConfig?

I'm having a problem with an IP I would like to unban on the other side. One of my clients can't connect on the FTP this time. How can I do that?

This ban/unban thing is a bit obscure for me...

Thanks for your help!

till 9th May 2013 21:24

The ban and unban is ok, its the purpose of fail2ban and the log file shows that it works as intended. Fail2ban bans a ip if there are too many failed login attemps from that ip and it eill unban the ip after some time to avoid that your users get blocked permanently. This is useful and nescessary this does not has to be an attack, it can simply be a normal ftp client were soeone entered a wrong password which tries to auto reconnect.

Banning aind unbanning is done with iptables, so you can ban ips also manually. Your lient ip should already be unbanned as the ban time on your server is most likely 10 minutes.

Fluotonic 9th May 2013 22:04

Hi Till,

Thank you very much for this answer!

No need for me to ban manually then? Seems awesome if it's automatic :-)


falko 11th May 2013 13:14


Originally Posted by Fluotonic (Post 296951)
No need for me to ban manually then? Seems awesome if it's automatic :-)

That's right! :)

All times are GMT +2. The time now is 03:57.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.