View Single Post
  #25  
Old 1st February 2013, 23:37
PermaNoob PermaNoob is offline
Senior Member
 
Join Date: Jan 2007
Posts: 194
Thanks: 12
Thanked 5 Times in 5 Posts
Default

Quote:
Originally Posted by jysse View Post
Here is how I managed to make this work.
Debian Lenny, ISPConfig3

If I understood correct there was an error in Debian's pure-ftpd filter. Correct line in /etc/fail2ban/filter.d/pure-ftpd.conf should be:
failregex = pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]$

Here is my jail.conf lines for pure-ftpd:

[pure-ftpd]
enabled = true
port = ftp
filter = pure-ftpd
logpath = /var/log/messages
maxretry = 2

Hope this helps !

jysse
Thanks a lot--that missing \ in ])?: (.+?@<HOST>) sure caused a lot of trouble, including having Hetzner take my server offline for 6 hours because of the pure-ftpd attacks that weren't being blocked.

Last edited by PermaNoob; 1st February 2013 at 23:40.
Reply With Quote