Originally Posted by jysse
Here is how I managed to make this work.
Debian Lenny, ISPConfig3
If I understood correctly there was an error in Debian's pure-ftpd filter. Correct line in /etc/fail2ban/filter.d/pure-ftpd.conf should be:
failregex = pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]$
Here are my jail.conf lines for pure-ftpd:
enabled = true
port = ftp
filter = pure-ftpd
logpath = /var/log/messages
maxretry = 2
Hope this helps!
Thanks a lot--that missing \ in ])?: (.+?@<HOST>) sure caused a lot of trouble, including having Hetzner take my server offline for 6 hours because of the pure-ftpd attacks that weren't being blocked.
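
The effect of the missing backslashes discussed above can be checked offline before touching the live filter. This is an added example, not part of either post: the `<HOST>` expansion is a simplified IPv4-only stand-in, the `__errmsg` value is assumed to be the English pure-ftpd message, and the log lines are constructed.

```python
import re

# Assumptions (not from the thread): simplified IPv4-only stand-in for
# fail2ban's <HOST> tag, and a single English value for __errmsg.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
ERRMSG = r"Authentication failed for user"

# Corrected failregex from the quoted post.
FIXED = r"pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]$"
# Same line with the backslashes before ( and ) missing, as described in the reply.
BROKEN = r"pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$"

# Constructed sample lines in the shape pure-ftpd writes to syslog.
SAMPLE_LOG = [
    "Jan 10 03:14:07 srv pure-ftpd: (?@192.0.2.10) [WARNING] Authentication failed for user [admin]",
    "Jan 10 03:14:09 srv pure-ftpd[2211]: (?@192.0.2.10) [WARNING] Authentication failed for user [root]",
    "Jan 10 03:15:30 srv pure-ftpd: (?@198.51.100.7) [INFO] New connection from 198.51.100.7",
    "Jan 10 03:15:31 srv pure-ftpd: (?@198.51.100.7) [WARNING] Authentication failed for user [test]",
]


def expand(failregex):
    """Substitute the assumed <HOST> and __errmsg values and compile."""
    return re.compile(failregex.replace("<HOST>", HOST).replace("%(__errmsg)s", ERRMSG))


def hosts_to_ban(failregex, lines, maxretry=2):
    """Return the hosts that reach maxretry matching lines."""
    pattern = expand(failregex)
    counts = {}
    for line in lines:
        m = pattern.search(line)
        if m:
            counts[m.group("host")] = counts.get(m.group("host"), 0) + 1
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    # Unescaped parentheses form a capture group, so the literal "(" and ")"
    # around user@host in the log line are never matched and nothing is banned.
    print("fixed :", hosts_to_ban(FIXED, SAMPLE_LOG))
    print("broken:", hosts_to_ban(BROKEN, SAMPLE_LOG))
```

On a real host, fail2ban's own `fail2ban-regex` tool run against the log file and the filter file gives the same kind of check with the full `<HOST>` and `__errmsg` definitions.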