Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > ISPConfig 3 Priority Support

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 9th May 2013, 16:44
Fluotonic Fluotonic is offline
Junior Member
 
Join Date: Jan 2013
Posts: 27
Thanks: 4
Thanked 0 Times in 0 Posts
Default Fail2Ban repeating ban/unban warnings

Hi guys,

I just noticed something streange and I'm a bit worried about it. Please look at this in my fail2ban.log :

Code:
2013-05-08 17:28:45,062 fail2ban.actions: WARNING [pureftpd] Ban 61.160.213.168
2013-05-08 17:38:45,709 fail2ban.actions: WARNING [pureftpd] Unban 61.160.213.168
2013-05-08 17:41:18,875 fail2ban.actions: WARNING [pureftpd] Ban 61.160.213.168
2013-05-08 17:51:19,518 fail2ban.actions: WARNING [pureftpd] Unban 61.160.213.168
2013-05-08 17:56:18,838 fail2ban.actions: WARNING [pureftpd] Ban 61.160.213.168
2013-05-08 18:06:19,482 fail2ban.actions: WARNING [pureftpd] Unban 61.160.213.168
2013-05-08 20:59:34,496 fail2ban.actions: WARNING [pureftpd] Ban 61.160.213.168
2013-05-08 21:09:35,142 fail2ban.actions: WARNING [pureftpd] Unban 61.160.213.168
2013-05-08 21:13:36,405 fail2ban.actions: WARNING [pureftpd] Ban 61.160.213.168
2013-05-08 21:23:37,049 fail2ban.actions: WARNING [pureftpd] Unban 61.160.213.168
2013-05-08 21:56:55,182 fail2ban.actions: WARNING [pureftpd] Ban 61.160.213.168
2013-05-08 22:06:55,828 fail2ban.actions: WARNING [pureftpd] Unban 61.160.213.168
This is a chinese IP and it looks like an attempt to enter my server, isn't it? Do I have to worry about this?

Thanks!
Reply With Quote
Sponsored Links
  #2  
Old 9th May 2013, 17:29
darinpeterson darinpeterson is offline
HowtoForge Supporter
 
Join Date: Nov 2011
Posts: 154
Thanks: 35
Thanked 13 Times in 13 Posts
Default

I'm no expert, but it looks like you're server is being attacked by an automated script from that IP address. The script is trying to ftp into your server.

Does the sequence continue on, or has it stopped?
Reply With Quote
  #3  
Old 9th May 2013, 17:36
Fluotonic Fluotonic is offline
Junior Member
 
Join Date: Jan 2013
Posts: 27
Thanks: 4
Thanked 0 Times in 0 Posts
Default

Hi Darin,

Yes it stopped. I would like to ban this IP though, just in case. How can I do that in ISPConfig?

I'm having a problem with an IP I would like to unban on the other side. One of my clients can't connect on the FTP this time. How can I do that?

This ban/unban thing is a bit obscure for me...

Thanks for your help!
Reply With Quote
  #4  
Old 9th May 2013, 21:24
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,998
Thanks: 840
Thanked 5,650 Times in 4,460 Posts
Default

The ban and unban is ok, its the purpose of fail2ban and the log file shows that it works as intended. Fail2ban bans a ip if there are too many failed login attemps from that ip and it eill unban the ip after some time to avoid that your users get blocked permanently. This is useful and nescessary this does not has to be an attack, it can simply be a normal ftp client were soeone entered a wrong password which tries to auto reconnect.

Banning aind unbanning is done with iptables, so you can ban ips also manually. Your lient ip should already be unbanned as the ban time on your server is most likely 10 minutes.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following 2 Users Say Thank You to till For This Useful Post:
darinpeterson (10th May 2013), Fluotonic (11th May 2013)
  #5  
Old 9th May 2013, 22:04
Fluotonic Fluotonic is offline
Junior Member
 
Join Date: Jan 2013
Posts: 27
Thanks: 4
Thanked 0 Times in 0 Posts
Default

Hi Till,

Thank you very much for this answer!

No need for me to ban manually then? Seems awesome if it's automatic :-)

Thanks!
Reply With Quote
  #6  
Old 11th May 2013, 13:14
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,749 Times in 2,579 Posts
 
Default

Quote:
Originally Posted by Fluotonic View Post
No need for me to ban manually then? Seems awesome if it's automatic :-)
That's right!
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
Fluotonic (11th May 2013)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
fail2ban ignores its [default] jail.conf ispfan Server Operation 0 20th February 2013 20:53
sasl / fail2ban vs. postfix/smtpd warnings) eko_taas Installation/Configuration 4 17th May 2011 17:04
Help with Fail2ban florix.net Installation/Configuration 4 26th January 2011 01:53
fail2ban is doing nothing? rlischer Server Operation 16 29th June 2010 08:29
Fail2Ban not banning? tristanlee85 Server Operation 4 15th October 2008 14:44


All times are GMT +2. The time now is 17:30.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.