Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Old 23rd April 2011, 09:24
erosbk erosbk is offline
Senior Member
Join Date: Mar 2011
Posts: 337
Thanks: 49
Thanked 36 Times in 30 Posts
Default fail2ban Regex for net2ftp and pure-ftpd

Hello people, I am needing your help with a little regex for fail2ban :P

These are some lines of my log file:

Apr 23 03:07:19 web1 net2ftp: 2011-04-23 03:07:19 53059 /webftp/index.php 0 0 localhost xftp browse main 1
Apr 23 03:07:19 web1 pure-ftpd: (?@ [INFO] New connection from
Apr 23 03:07:19 web1 pure-ftpd: (?@ [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES256-SHA, 256 secret bits cipher
Apr 23 03:07:24 web1 pure-ftpd: (?@ [WARNING] Authentication failed for user [xftp]
Apr 23 03:07:24 web1 pure-ftpd: (?@ [INFO] Logout.

This is my current /etc/fail2ban/filter.d/pureftpd.conf

failregex = .*pure-ftpd: \(.*@<HOST>\) \[WARNING\] Authentication failed for user.*
ignoreregex =

I need to modify the regex of pure-ftpd in order to catch too net2ftp login failures, could you help me pls? I don't want to ban my own address (, so, I need to catch firt the IP from net2ftp... thanks!


I made this script to install net2ftp in debian 6, use it if you want (at your own risk :P)


echo -e "Alias webftp (eg. xxxftp): \c"
read aliaswebftp

echo -e "URL FTP server (eg. ftp.xxx.com.ar): \c"
read ftpserver

echo -e "Admin mail (admin@xxx.com.ar): \c"
read adminmail

cd /tmp
wget http://www.net2ftp.com/download/net2ftp_v0.98.zip
unzip net2ftp_v0.98.zip
mv /tmp/net2ftp_v0.98/files_to_upload /var/lib/net2ftp
rm -rf /tmp/*

echo 'Alias /'$aliaswebftp /var/lib/net2ftp > /etc/apache2/conf.d/net2ftp.conf
echo "" >> /etc/apache2/conf.d/net2ftp.conf
echo "<Directory /var/lib/net2ftp>" >> /etc/apache2/conf.d/net2ftp.conf
echo " AllowOverride None" >> /etc/apache2/conf.d/net2ftp.conf
echo " Order deny,allow" >> /etc/apache2/conf.d/net2ftp.conf
echo " Allow from all" >> /etc/apache2/conf.d/net2ftp.conf
echo "</Directory>" >> /etc/apache2/conf.d/net2ftp.conf
echo "" >> /etc/apache2/conf.d/net2ftp.conf

/etc/init.d/apache2 restart

cp /var/lib/net2ftp/settings_authorizations.inc.php /var/lib/net2ftp/settings_authorizations.inc.php.backup

sed -i 's/^$net2ftp_settings\[\"allowed_ftpservers\"\]\[1\].*/$net2ftp_settings\[\"allowed_ftpservers\"\]\[1\] = \"'$ftpserver'\";/' /var/lib/net2ftp/settings_authorizations.inc.php
sed -i 's/^$net2ftp_settings\[\"email_feedback\"\].*/$net2ftp_settings\[\"email_feedback\"\] = \"'$adminmail'\";/' /var/lib/net2ftp/settings.inc.php
sed -i 's/^$net2ftp_settings\[\"use_syslog\"\].*/$net2ftp_settings\[\"use_syslog\"\] = \"yes\";/' /var/lib/net2ftp/settings.inc.php
Reply With Quote
Sponsored Links


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Pure Ftpd MySQL authorisation problem davebamford General 12 13th August 2014 10:02
SSL/TLS Pure FTPD bboy8012 General 6 9th December 2010 17:18
Pure FTPd not running andreasnrb Installation/Configuration 8 20th March 2010 02:01

All times are GMT +2. The time now is 09:26.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.