#1
11th January 2012, 09:34
Djamu

strange fail2ban behaviour > doesn't ban specific IP

Hi all,

I'm having a strange fail2ban issue ( it otherwise works perfectly ).
For some reason the sshd.conf fail2ban regex doesn't pick up a specific brute force attack IP ( 219.140.165.85 ), which has been probing one of my servers for some weeks already. The probing isn't continuous, but happens once every 20-30 minutes.
( the only reason I noticed is because my logwatch reports indicated it )

The regex is the standard regex ( I think ) that came with the package.
Code:
failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
            ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$
            ^%(__prefix_line)sFailed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
            ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
            ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
            ^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers$
            ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
            ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
            ^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPT!*\s*$
            ^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$

A grepped auth.log for an IP ( 61.54.242.194 ) that got banned:
Code:
Jan 10 01:02:37 localhost sshd[7801]: reverse mapping checking getaddrinfo for hn.kd.dhcp [61.54.242.194] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 10 01:02:37 localhost sshd[7801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.54.242.194  user=root
Jan 10 01:02:39 localhost sshd[7801]: Failed password for root from 61.54.242.194 port 60389 ssh2
Jan 10 01:02:47 localhost sshd[12130]: reverse mapping checking getaddrinfo for hn.kd.dhcp [61.54.242.194] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 10 01:02:47 localhost sshd[12130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.54.242.194  user=root
Jan 10 01:02:48 localhost sshd[12130]: Failed password for root from 61.54.242.194 port 33303 ssh2
Jan 10 01:02:54 localhost sshd[15027]: reverse mapping checking getaddrinfo for hn.kd.dhcp [61.54.242.194] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 10 01:02:54 localhost sshd[15027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.54.242.194  user=root
Jan 10 01:02:57 localhost sshd[15027]: Failed password for root from 61.54.242.194 port 35084 ssh2
Jan 10 01:03:01 localhost sshd[17113]: reverse mapping checking getaddrinfo for hn.kd.dhcp [61.54.242.194] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 10 01:03:01 localhost sshd[17113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.54.242.194  user=root
Jan 10 01:03:03 localhost sshd[17113]: Failed password for root from 61.54.242.194 port 36658 ssh2
Jan 10 01:03:07 localhost sshd[19775]: reverse mapping checking getaddrinfo for hn.kd.dhcp [61.54.242.194] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 10 01:03:07 localhost sshd[19775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.54.242.194  user=root
Jan 10 01:03:09 localhost sshd[19775]: Failed password for root from 61.54.242.194 port 37816 ssh2
Jan 10 01:03:20 localhost sshd[22300]: reverse mapping checking getaddrinfo for hn.kd.dhcp [61.54.242.194] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 10 01:03:20 localhost sshd[22300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.54.242.194  user=root
Jan 10 01:03:22 localhost sshd[22300]: Failed password for root from 61.54.242.194 port 38909 ssh2

And the log snippet for the IP ( 219.140.165.85 ) that doesn't get banned
( I only took the 9th of January ):
Code:
Jan  9 00:13:28 localhost sshd[26129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 00:13:30 localhost sshd[26129]: Failed password for root from 219.140.165.85 port 47955 ssh2
Jan  9 00:30:19 localhost sshd[29098]: Did not receive identification string from 219.140.165.85
Jan  9 00:30:19 localhost sshd[29090]: Did not receive identification string from 219.140.165.85
Jan  9 00:47:22 localhost sshd[32029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 00:47:23 localhost sshd[32029]: Failed password for root from 219.140.165.85 port 41517 ssh2
Jan  9 01:55:08 localhost sshd[17262]: Did not receive identification string from 219.140.165.85
Jan  9 02:12:01 localhost sshd[22038]: Did not receive identification string from 219.140.165.85
Jan  9 02:47:10 localhost sshd[27552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 02:47:10 localhost sshd[27559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 02:47:11 localhost sshd[27552]: Failed password for root from 219.140.165.85 port 47819 ssh2
Jan  9 02:47:12 localhost sshd[27559]: Failed password for root from 219.140.165.85 port 46498 ssh2
Jan  9 03:04:20 localhost sshd[921]: Did not receive identification string from 219.140.165.85
Jan  9 03:21:24 localhost sshd[4193]: Did not receive identification string from 219.140.165.85
Jan  9 03:39:01 localhost sshd[6725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 03:39:03 localhost sshd[6725]: Failed password for root from 219.140.165.85 port 48121 ssh2
Jan  9 03:39:10 localhost sshd[6726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 03:39:12 localhost sshd[6726]: Failed password for root from 219.140.165.85 port 38199 ssh2
Jan  9 03:56:00 localhost sshd[9882]: Did not receive identification string from 219.140.165.85
Jan  9 04:13:27 localhost sshd[13404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 04:13:29 localhost sshd[13404]: Failed password for root from 219.140.165.85 port 58637 ssh2
Jan  9 04:47:38 localhost sshd[19128]: Did not receive identification string from 219.140.165.85
Jan  9 04:47:38 localhost sshd[19129]: Did not receive identification string from 219.140.165.85
Jan  9 05:04:41 localhost sshd[22382]: Did not receive identification string from 219.140.165.85
Jan  9 05:22:01 localhost sshd[25527]: Did not receive identification string from 219.140.165.85
Jan  9 05:22:04 localhost sshd[25525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 05:22:06 localhost sshd[25525]: Failed password for root from 219.140.165.85 port 44002 ssh2
Jan  9 05:39:03 localhost sshd[27919]: Did not receive identification string from 219.140.165.85
Jan  9 05:57:04 localhost sshd[31080]: Did not receive identification string from 219.140.165.85
Jan  9 06:31:48 localhost sshd[23091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 06:31:50 localhost sshd[23091]: Failed password for root from 219.140.165.85 port 38770 ssh2
Jan  9 07:06:02 localhost sshd[28762]: Did not receive identification string from 219.140.165.85
Jan  9 09:06:01 localhost sshd[18869]: Did not receive identification string from 219.140.165.85
Jan  9 09:06:02 localhost sshd[18876]: Did not receive identification string from 219.140.165.85
Jan  9 09:23:20 localhost sshd[21301]: Did not receive identification string from 219.140.165.85
Jan  9 09:40:34 localhost sshd[24444]: Did not receive identification string from 219.140.165.85
Jan  9 09:57:31 localhost sshd[26825]: Did not receive identification string from 219.140.165.85
Jan  9 09:57:37 localhost sshd[26823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 09:57:39 localhost sshd[26823]: Failed password for root from 219.140.165.85 port 52388 ssh2
Jan  9 10:31:21 localhost sshd[975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 10:31:23 localhost sshd[975]: Failed password for root from 219.140.165.85 port 45589 ssh2
Jan  9 10:31:34 localhost sshd[979]: Did not receive identification string from 219.140.165.85
Jan  9 10:31:37 localhost sshd[977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 10:31:39 localhost sshd[977]: Failed password for root from 219.140.165.85 port 52786 ssh2
Jan  9 10:48:39 localhost sshd[3493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 10:48:42 localhost sshd[3493]: Failed password for root from 219.140.165.85 port 45118 ssh2
Jan  9 11:05:36 localhost sshd[6921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 11:05:38 localhost sshd[6921]: Failed password for root from 219.140.165.85 port 54159 ssh2
Jan  9 11:22:34 localhost sshd[9332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 11:22:34 localhost sshd[9335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 11:22:36 localhost sshd[9332]: Failed password for root from 219.140.165.85 port 40092 ssh2
Jan  9 11:22:36 localhost sshd[9335]: Failed password for root from 219.140.165.85 port 50890 ssh2
Jan  9 11:39:35 localhost sshd[11784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 11:39:38 localhost sshd[11784]: Failed password for root from 219.140.165.85 port 52422 ssh2
Jan  9 11:56:33 localhost sshd[14937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 11:56:35 localhost sshd[14935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 11:56:36 localhost sshd[14937]: Failed password for root from 219.140.165.85 port 56762 ssh2
Jan  9 11:56:37 localhost sshd[14935]: Failed password for root from 219.140.165.85 port 41024 ssh2
Jan  9 12:13:33 localhost sshd[17514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 12:13:35 localhost sshd[17513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 12:13:35 localhost sshd[17514]: Failed password for root from 219.140.165.85 port 50360 ssh2
Jan  9 12:13:37 localhost sshd[17513]: Failed password for root from 219.140.165.85 port 37334 ssh2
Jan  9 12:30:42 localhost sshd[20675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 12:30:44 localhost sshd[20675]: Failed password for root from 219.140.165.85 port 58037 ssh2
Jan  9 12:30:49 localhost sshd[20679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 12:30:50 localhost sshd[20679]: Failed password for root from 219.140.165.85 port 33452 ssh2
Jan  9 12:47:35 localhost sshd[23272]: Did not receive identification string from 219.140.165.85
Jan  9 12:47:40 localhost sshd[23270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 12:47:43 localhost sshd[23270]: Failed password for root from 219.140.165.85 port 47787 ssh2
Jan  9 13:04:47 localhost sshd[25810]: Did not receive identification string from 219.140.165.85
Jan  9 13:22:11 localhost sshd[28947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 13:22:12 localhost sshd[28947]: Failed password for root from 219.140.165.85 port 39060 ssh2
Jan  9 13:39:20 localhost sshd[31348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 13:39:21 localhost sshd[31346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 13:39:23 localhost sshd[31348]: Failed password for root from 219.140.165.85 port 39280 ssh2
Jan  9 13:39:23 localhost sshd[31346]: Failed password for root from 219.140.165.85 port 46194 ssh2
Jan  9 14:14:59 localhost sshd[5822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 14:15:00 localhost sshd[5822]: Failed password for root from 219.140.165.85 port 60509 ssh2
Jan  9 14:32:05 localhost sshd[8993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 14:32:08 localhost sshd[8993]: Failed password for root from 219.140.165.85 port 49029 ssh2
Jan  9 14:49:22 localhost sshd[11381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 14:49:24 localhost sshd[11381]: Failed password for root from 219.140.165.85 port 45999 ssh2
Jan  9 14:49:26 localhost sshd[11383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 14:49:28 localhost sshd[11383]: Failed password for root from 219.140.165.85 port 53114 ssh2
Jan  9 15:06:39 localhost sshd[14668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 15:06:40 localhost sshd[14667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 15:06:41 localhost sshd[14668]: Failed password for root from 219.140.165.85 port 42538 ssh2
Jan  9 15:06:42 localhost sshd[14667]: Failed password for root from 219.140.165.85 port 36010 ssh2
Jan  9 15:23:57 localhost sshd[17064]: Did not receive identification string from 219.140.165.85
Jan  9 15:23:59 localhost sshd[17062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 15:24:01 localhost sshd[17062]: Failed password for root from 219.140.165.85 port 54651 ssh2
Jan  9 15:41:10 localhost sshd[20197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 15:41:13 localhost sshd[20197]: Failed password for root from 219.140.165.85 port 54511 ssh2
Jan  9 16:16:05 localhost sshd[28906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 16:16:08 localhost sshd[28906]: Failed password for root from 219.140.165.85 port 60114 ssh2
Jan  9 16:50:43 localhost sshd[2296]: Did not receive identification string from 219.140.165.85
Jan  9 17:08:10 localhost sshd[5037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 17:08:12 localhost sshd[5037]: Failed password for root from 219.140.165.85 port 34311 ssh2
Jan  9 17:43:05 localhost sshd[10598]: Did not receive identification string from 219.140.165.85
Jan  9 17:43:05 localhost sshd[10599]: Did not receive identification string from 219.140.165.85
Jan  9 18:00:34 localhost sshd[14688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 18:00:36 localhost sshd[14688]: Failed password for root from 219.140.165.85 port 45649 ssh2
Jan  9 18:17:47 localhost sshd[17275]: Did not receive identification string from 219.140.165.85
Jan  9 18:34:59 localhost sshd[19689]: Did not receive identification string from 219.140.165.85
Jan  9 18:52:11 localhost sshd[22823]: Did not receive identification string from 219.140.165.85
Jan  9 18:52:25 localhost sshd[22821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 18:52:27 localhost sshd[22821]: Failed password for root from 219.140.165.85 port 45396 ssh2
Jan  9 19:26:33 localhost sshd[28471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 19:26:35 localhost sshd[28471]: Failed password for root from 219.140.165.85 port 32955 ssh2
Jan  9 19:43:30 localhost sshd[30865]: Did not receive identification string from 219.140.165.85
Jan  9 20:00:38 localhost sshd[2772]: Did not receive identification string from 219.140.165.85
Jan  9 20:34:55 localhost sshd[7750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 20:34:58 localhost sshd[7750]: Failed password for root from 219.140.165.85 port 33403 ssh2
Jan  9 21:26:04 localhost sshd[16735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 21:26:06 localhost sshd[16735]: Failed password for root from 219.140.165.85 port 57975 ssh2
Jan  9 21:43:13 localhost sshd[19132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 21:43:16 localhost sshd[19132]: Failed password for root from 219.140.165.85 port 41204 ssh2
Jan  9 22:00:10 localhost sshd[22059]: Did not receive identification string from 219.140.165.85
Jan  9 22:00:14 localhost sshd[21803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.140.165.85  user=root
Jan  9 22:00:16 localhost sshd[21803]: Failed password for root from 219.140.165.85 port 38165 ssh2
Jan  9 22:17:14 localhost sshd[24779]: Did not receive identification string from 219.140.165.85
Jan  9 22:17:15 localhost sshd[24780]: Did not receive identification string from 219.140.165.85
Jan  9 22:34:11 localhost sshd[27170]: Did not receive identification string from 219.140.165.85
Jan  9 22:34:14 localhost sshd[27171]: Did not receive identification string from 219.140.165.85
Jan  9 22:51:15 localhost sshd[30305]: Did not receive identification string from 219.140.165.85
Jan  9 23:08:12 localhost sshd[21738]: Did not receive identification string from 219.140.165.85
Jan  9 23:42:05 localhost sshd[27325]: Did not receive identification string from 219.140.165.85
Jan  9 23:59:06 localhost sshd[29724]: Did not receive identification string from 219.140.165.85

Frankly I can't see a difference between the two logs, or why the 1st gets banned and the other doesn't ...
Any help is greatly appreciated.

Jan
__________________
Windows, the only virus you pay for

#2
12th January 2012, 23:14
falko

Did you check if that IP is whitelisted in your fail2ban configuration?
__________________
Falko

#3
13th January 2012, 03:29
Djamu

Thanks Falko for your suggestion,

No, it's not on the whitelist.
But I started thinking of another route, as the attack is a very slow one + the fact that a properly written daemon ( fail2ban ) wouldn't parse the complete logs ( as too resource intensive ).

So I asked on their mailing list if there would be a time setting the daemon uses to parse logs back in time counting offending IPs.
Lo and behold there is....

As reference for other users ...

The default is at 10 min.
The parameter is called "findtime = 600" ( time in seconds )
and should go in jail.local under [DEFAULT].
I have set it now at 4 hours. > 14400 sec
My setting:
Code:
[DEFAULT]
ignoreip = 127.0.0.1
destemail = *****@*****
maxretry = 3
bantime  = 86400
findtime = 14400
backend = polling
banaction = iptables-multiport
mta = sendmail
protocol = tcp
.....
.....
my 5 cents
__________________
Windows, the only virus you pay for
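
Added example (not part of Djamu's post and not fail2ban's own code): a simplified model of the `findtime` / `maxretry` window, run over "Failed password" lines copied from the two log excerpts in this thread. It counts only those lines, hard-codes the syslog prefix in place of `%(__prefix_line)s`, and assumes the year 2012; `first_bans` is a hypothetical helper name.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Lines copied (abridged) from the auth.log excerpts posted in this thread.
SAMPLE_LOG = """\
Jan  9 00:13:30 localhost sshd[26129]: Failed password for root from 219.140.165.85 port 47955 ssh2
Jan  9 00:30:19 localhost sshd[29098]: Did not receive identification string from 219.140.165.85
Jan  9 00:47:23 localhost sshd[32029]: Failed password for root from 219.140.165.85 port 41517 ssh2
Jan  9 02:47:11 localhost sshd[27552]: Failed password for root from 219.140.165.85 port 47819 ssh2
Jan  9 02:47:12 localhost sshd[27559]: Failed password for root from 219.140.165.85 port 46498 ssh2
Jan  9 03:39:03 localhost sshd[6725]: Failed password for root from 219.140.165.85 port 48121 ssh2
Jan 10 01:02:39 localhost sshd[7801]: Failed password for root from 61.54.242.194 port 60389 ssh2
Jan 10 01:02:48 localhost sshd[12130]: Failed password for root from 61.54.242.194 port 33303 ssh2
Jan 10 01:02:57 localhost sshd[15027]: Failed password for root from 61.54.242.194 port 35084 ssh2
"""

# Simplified stand-in for the "Failed password" failregex line. Assumption:
# the syslog prefix is spelled out here instead of using %(__prefix_line)s,
# and <HOST> is reduced to a dotted IPv4 address.
FAILED = re.compile(
    r"^(\w{3})\s+(\d{1,2})\s+(\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed (?:password|publickey) for .* from (\d+\.\d+\.\d+\.\d+)"
    r"(?: port \d*)?(?: ssh\d*)?$"
)


def first_bans(log_text, maxretry, findtime, year=2012):
    """Return {ip: timestamp of the failure that would trigger the ban}.

    Model: an IP is banned once `maxretry` matching failures fall inside a
    sliding window of `findtime` seconds. syslog lines carry no year, so one
    is assumed.
    """
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # e.g. "Did not receive identification string"
        mon, day, clock, ip = m.groups()
        if ip in banned:
            continue
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        # Forget failures that are older than findtime seconds.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned


if __name__ == "__main__":
    for findtime in (600, 14400):
        print(f"maxretry=3 findtime={findtime}")
        for ip, ts in first_bans(SAMPLE_LOG, 3, findtime).items():
            print(f"  {ip} banned at {ts:%b %d %H:%M:%S}")
```

With `maxretry = 3`, the slow prober never has more than two counted failures inside a 600-second window, while a 14400-second window catches its third failure at 02:47:11.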