12th January 2012, 20:41
erosbk

Please just try this:

1) Reduce "bantime" to 600 seconds.
2) Comment out the "action" line in jail.conf with a #, and add a line "port = http,https".

After restarting fail2ban, iptables --list must show the following:

fail2ban-pma tcp -- anywhere anywhere multiport dports http,https

instead of:

fail2ban-pma tcp -- anywhere anywhere

3) You have a duplicated "maxretry", delete one.
4) Restart fail2ban, and try to access the website a few times using this line:

domain.com/phpmanager

You should get banned (because regex is working perfectly as you tested).

When you get banned, while logged in via SSH, use iptables --list again; your IP must be listed in the following chain:

Chain fail2ban-pma (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

If it is not working and you are not banned, check the log file that fail2ban is using, see whether your attempt to access /phpmanager was logged correctly, and post the line here.

To be unbanned, you just have to restart fail2ban.

Please post the results.
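The two iptables checks described in the post above can be scripted. This is an added example, not part of the original post: the function names, the sample output, the DROP target on the ban row and the address 203.0.113.7 are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables --list` output after one ban.
# 203.0.113.7 is a documentation address; the DROP target is an assumption.
SAMPLE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-pma  tcp  --  anywhere             anywhere             multiport dports http,https

Chain fail2ban-pma (1 references)
target     prot opt source               destination
DROP       all  --  203.0.113.7          anywhere
RETURN     all  --  anywhere             anywhere'

# jump_scope CHAIN  (reads iptables --list output on stdin)
# Prints "restricted" when the jump to CHAIN is limited to http,https
# (80,443 when listed with -n), "all-ports" when the jump has no such
# port match, "missing" when no jump to CHAIN exists.
jump_scope() {
  awk -v chain="$1" '
    $1 == chain && $2 == "tcp" {
      found = 1
      if ($0 ~ /multiport dports (http,https|80,443)/) ok = 1
    }
    END { print (!found ? "missing" : (ok ? "restricted" : "all-ports")) }'
}

# banned_sources CHAIN  (reads iptables --list output on stdin)
# Prints the source column of every rule in CHAIN except the header
# row and the final RETURN rule, i.e. the currently banned addresses.
banned_sources() {
  awk -v chain="$1" '
    $1 == "Chain" { in_chain = ($2 == chain); next }
    in_chain && NF >= 5 && $1 != "target" && $1 != "RETURN" { print $4 }'
}

# Run both checks on the constructed sample.
printf '%s\n' "$SAMPLE" | jump_scope fail2ban-pma
printf '%s\n' "$SAMPLE" | banned_sources fail2ban-pma
```

On a live host, pipe `iptables --list` (as root) into the same functions; an empty result from banned_sources means the chain holds only the RETURN rule and nobody is banned.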