#1  
5th October 2010, 20:56
Toucan
Fail2ban attacker

Fail2ban constantly reports warnings banning IP addresses. This eventually causes Apache to stop responding, and it needs restarting. Am I being attacked constantly? I had a look at the IP address of one of the banned entries and it appears to be DCS Pacific, which looks like a hosting company. Surely another hosting company isn't trying to crash my server?? I am the only person with legitimate ssh access to my servers.

Does anyone else experience this?


2010-10-03 10:45:33,659 fail2ban.actions: WARNING [ssh] Unban 206.217.137.184
2010-10-03 10:49:12,675 fail2ban.actions: WARNING [ssh] Unban 41.130.234.116
2010-10-03 17:27:00,003 fail2ban.jail : INFO Jail 'ssh' stopped
2010-10-03 17:35:42,507 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3
2010-10-03 17:35:42,526 fail2ban.jail : INFO Creating new jail 'ssh'
2010-10-03 17:35:42,526 fail2ban.jail : INFO Jail 'ssh' uses poller
2010-10-03 17:35:42,774 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2010-10-03 17:35:42,776 fail2ban.filter : INFO Set maxRetry = 6
2010-10-03 17:35:42,777 fail2ban.filter : INFO Set findtime = 600
2010-10-03 17:35:42,778 fail2ban.actions: INFO Set banTime = 600
2010-10-03 17:35:42,886 fail2ban.jail : INFO Jail 'ssh' started
2010-10-03 18:34:25,050 fail2ban.actions: WARNING [ssh] Ban 78.101.169.35
2010-10-03 18:44:25,066 fail2ban.actions: WARNING [ssh] Unban 78.101.169.35
2010-10-03 20:07:33,090 fail2ban.actions: WARNING [ssh] Ban 83.237.215.84
2010-10-03 20:17:33,158 fail2ban.actions: WARNING [ssh] Unban 83.237.215.84
2010-10-03 20:45:37,178 fail2ban.actions: WARNING [ssh] Ban 94.179.99.171
2010-10-03 20:55:37,210 fail2ban.actions: WARNING [ssh] Unban 94.179.99.171
2010-10-04 00:15:08,231 fail2ban.actions: WARNING [ssh] Ban 184.106.241.145
2010-10-04 00:25:08,491 fail2ban.actions: WARNING [ssh] Unban 184.106.241.145
2010-10-04 00:26:15,586 fail2ban.actions: WARNING [ssh] Ban 190.42.208.209
2010-10-04 00:36:15,606 fail2ban.actions: WARNING [ssh] Unban 190.42.208.209
2010-10-04 00:39:26,622 fail2ban.actions: WARNING [ssh] Ban 88.198.11.232
2010-10-04 00:49:26,638 fail2ban.actions: WARNING [ssh] Unban 88.198.11.232
2010-10-04 01:55:43,678 fail2ban.actions: WARNING [ssh] Ban 211.254.130.116
2010-10-04 02:05:43,718 fail2ban.actions: WARNING [ssh] Unban 211.254.130.116
2010-10-04 03:12:23,838 fail2ban.actions: WARNING [ssh] Ban 216.17.111.135
2010-10-04 03:22:23,854 fail2ban.actions: WARNING [ssh] Unban 216.17.111.135
2010-10-04 06:57:00,890 fail2ban.actions: WARNING [ssh] Ban 93.153.189.85
2010-10-04 07:07:01,078 fail2ban.actions: WARNING [ssh] Unban 93.153.189.85
2010-10-04 09:43:04,102 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 09:53:04,150 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 09:56:09,174 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 10:06:09,230 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 10:08:33,246 fail2ban.actions: WARNING [ssh] Ban 41.238.224.28
2010-10-04 10:08:40,263 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 10:08:40,282 fail2ban.actions: WARNING [ssh] Ban 212.98.166.61
2010-10-04 10:18:33,298 fail2ban.actions: WARNING [ssh] Unban 41.238.224.28
2010-10-04 10:18:40,314 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 10:18:40,332 fail2ban.actions: WARNING [ssh] Unban 212.98.166.61
2010-10-04 10:21:23,350 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 10:23:12,366 fail2ban.actions: WARNING [ssh] Ban 91.149.187.72
2010-10-04 10:31:23,382 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 10:33:12,398 fail2ban.actions: WARNING [ssh] Unban 91.149.187.72
2010-10-04 10:33:25,414 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 10:43:25,434 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 10:45:44,450 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 10:55:44,466 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 10:58:43,482 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 11:08:43,514 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 11:11:49,534 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 11:21:49,558 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 11:24:18,574 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 11:34:18,590 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 11:36:40,606 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 11:46:40,622 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 11:49:38,638 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 11:59:38,654 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 12:01:50,682 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 12:02:23,698 fail2ban.actions: WARNING [ssh] Ban 121.119.160.134
2010-10-04 12:11:50,714 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 12:12:23,730 fail2ban.actions: WARNING [ssh] Unban 121.119.160.134
2010-10-04 12:14:54,746 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 12:24:54,762 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 12:28:17,778 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 12:38:17,794 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 12:41:24,810 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 12:51:24,826 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 12:54:12,842 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 13:04:12,858 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 13:06:58,874 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 13:16:58,898 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 13:19:36,914 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 13:29:36,930 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 13:33:40,962 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 13:43:40,978 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 13:46:33,994 fail2ban.actions: WARNING [ssh] Ban 204.16.198.103
2010-10-04 13:56:34,010 fail2ban.actions: WARNING [ssh] Unban 204.16.198.103
2010-10-04 16:56:45,042 fail2ban.actions: WARNING [ssh] Ban 220.127.174.119
2010-10-04 17:06:45,062 fail2ban.actions: WARNING [ssh] Unban 220.127.174.119
2010-10-04 18:26:09,314 fail2ban.actions: WARNING [ssh] Ban 218.241.161.186
2010-10-04 18:36:09,547 fail2ban.actions: WARNING [ssh] Unban 218.241.161.186
2010-10-04 19:15:59,694 fail2ban.actions: WARNING [ssh] Ban 216.245.208.93
2010-10-04 19:25:59,730 fail2ban.actions: WARNING [ssh] Unban 216.245.208.93
2010-10-04 20:48:59,762 fail2ban.actions: WARNING [ssh] Ban 153.65.20.115
2010-10-04 20:58:59,866 fail2ban.actions: WARNING [ssh] Unban 153.65.20.115
2010-10-04 22:07:03,902 fail2ban.actions: WARNING [ssh] Ban 41.234.76.58
2010-10-04 22:17:03,986 fail2ban.actions: WARNING [ssh] Unban 41.234.76.58
2010-10-05 08:20:16,110 fail2ban.actions: WARNING [ssh] Ban 41.208.137.12
2010-10-05 08:30:16,226 fail2ban.actions: WARNING [ssh] Unban 41.208.137.12
2010-10-05 08:31:03,242 fail2ban.actions: WARNING [ssh] Ban 41.208.137.12
2010-10-05 08:41:03,258 fail2ban.actions: WARNING [ssh] Unban 41.208.137.12
2010-10-05 08:52:10,278 fail2ban.actions: WARNING [ssh] Ban 118.129.166.120
2010-10-05 08:52:35,294 fail2ban.actions: WARNING [ssh] Ban 190.232.206.129
2010-10-05 09:02:10,326 fail2ban.actions: WARNING [ssh] Unban 118.129.166.120
2010-10-05 09:02:35,342 fail2ban.actions: WARNING [ssh] Unban 190.232.206.129
  #2  
5th October 2010, 21:08
till

That's normal, so nothing to worry about. This happens to every computer which is connected to the internet all the time. Fail2ban is installed to block such attempts. The ssh login attempts are not related to Apache response problems, so if you have any problems with Apache, then you should investigate this in the Apache error.log and syslog.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
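
Added example, not part of either poster's message: a small Python summary of a fail2ban.log in the format posted above, counting bans per address and how soon each one returns after an unban. The sample lines are constructed with documentation-range addresses, and the thresholds in `repeat_offenders` are assumptions (600 seconds mirrors the `banTime = 600` shown in the log).

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the fail2ban 0.8.x line format from the thread;
# addresses are RFC 5737 documentation ranges, not hosts from the log above.
SAMPLE_LOG = """\
2010-10-04 09:43:04,102 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2010-10-04 09:53:04,150 fail2ban.actions: WARNING [ssh] Unban 192.0.2.10
2010-10-04 09:56:09,174 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2010-10-04 10:06:09,230 fail2ban.actions: WARNING [ssh] Unban 192.0.2.10
2010-10-04 10:08:33,246 fail2ban.actions: WARNING [ssh] Ban 198.51.100.7
2010-10-04 10:08:40,263 fail2ban.actions: WARNING [ssh] Ban 192.0.2.10
2010-10-04 10:18:33,298 fail2ban.actions: WARNING [ssh] Unban 198.51.100.7
2010-10-04 10:18:40,314 fail2ban.actions: WARNING [ssh] Unban 192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ fail2ban\.actions\s*: "
    r"WARNING \[(?P<jail>[^\]]+)\] (?P<action>Ban|Unban) (?P<ip>\S+)$"
)

def summarize(log_text):
    """Per (jail, ip): ban count and seconds from each unban to the next ban."""
    stats = defaultdict(lambda: {"bans": 0, "gaps": []})
    last_unban = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # jail start/stop and other INFO lines carry no ban event
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["jail"], m["ip"])
        if m["action"] == "Ban":
            stats[key]["bans"] += 1
            if key in last_unban:
                stats[key]["gaps"].append(int((ts - last_unban.pop(key)).total_seconds()))
        else:
            last_unban[key] = ts
    return dict(stats)

def repeat_offenders(stats, min_bans=3, max_gap=600):
    """Addresses banned min_bans+ times that came back within max_gap seconds."""
    return sorted(
        ip for (jail, ip), s in stats.items()
        if s["bans"] >= min_bans and s["gaps"] and min(s["gaps"]) <= max_gap
    )

if __name__ == "__main__":
    print(repeat_offenders(summarize(SAMPLE_LOG)))
```

An address that is re-banned within a few minutes of every unban is a persistent scanner that the 10-minute ban only pauses; one-off bans spread across many addresses are the ordinary background noise described in the reply above.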
  #3  
5th October 2010, 23:00
Toucan

I'll have a look at the logs...

Strange though that when I block ssh ports via the router all problems stop.