View Single Post
  #4  
Old 14th February 2013, 11:47
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,258
Thanks: 76
Thanked 23 Times in 19 Posts
Default

similar problem here, I manually tried to trigger fail2ban logging in anonymously into pure-ftp:

my fail2ban settings:
Quote:
failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*

[pureftpd]
enabled = true
port = ftp
filter = pure-ftpd
logpath = /var/log/syslog
maxretry = 3
The logs look like this:

Quote:
Feb 14 11:44:32 h2118175 pure-ftpd: (?@85.214.249.219) [WARNING] Authentication failed for user [anonymous]
I tested it and it should pick up the attempts:
Quote:
fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/pure-ftpd.conf
.
.
.
Success, the total number of match is 19
I found this version somewhere, which one is the right one:
Quote:
[pureftpd]
enabled = true
port = ftp,ftp-data,ftps,ftps-data
filter = pure-ftpd
logpath = /var/log/syslog
maxretry = 3
###edit###
The problem is fail2ban does absolutely nothing , just sits there looking pretty :-(

Last edited by Ovidiu; 14th February 2013 at 11:53.
Reply With Quote