Comments on Using Fail2ban To Block Wrong ISPConfig Logins

Using Fail2ban To Block Wrong ISPConfig Logins

In this tutorial, we'll write an ISPConfig plugin to log failed logins to syslog, filter those entries using rsyslogd and add a fail2ban rule to block malicious users' IPs.

5 Comment(s)


Comments

By: Dirk67

The PHP open and close tags "<?php" ... "?>" are missing at the beginning and end of the ISPConfig plugin source code above.

Maybe it is better to add the jail to "/etc/fail2ban/jail.local" instead of adding it to "/etc/fail2ban/jail.conf".

In the jail, the port should be 8080 for blocking ISPConfig access.

In the jail, one should add a "maxretry = 5" directive if not defined globally...

By: Anonymous

It is not working.

/var/log/ispconfig.log is empty if I try a wrong user/pass.

By: Anonymous

Thank you for adding the corrections, it is working like a charm.

By: agentmoller001

I updated the above to make it function properly as of September 18, 2015 for ISPConfig 3.0.5.4p8. You can find the directions here: Configure Fail2Ban for ISPConfig 3 Failed Login Attempts

By: bepixeld

I think since ISPConfig 3.1 you don't need the plugin anymore. Login attempts are logged in /var/log/ispconfig/auth.log. My loglevel in ISPConfig is ERROR. See ISPConfig interface/web/login/index.php, about line 310.

So you can directly create a filter rule in /etc/fail2ban/filter.d/ispconfig.conf with content:

    [Definition]
    failregex = ^Failed login for user (.*) from <HOST> at
    ignoreregex =

And add a jail to /etc/fail2ban/jail.local:

    [ispconfig]
    enabled  = true
    maxretry = 5
    port = 8080
    logpath = /var/log/ispconfig/auth.log

Test it with:

    fail2ban-regex /var/log/ispconfig/auth.log /etc/fail2ban/filter.d/ispconfig.conf

And restart the fail2ban service.

I have tested that with ISPConfig 3.1.9.
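Added example (not part of the comment above or of ISPConfig/fail2ban): a small Python check of what the filter and jail in the last comment would count, for trying the failregex on a machine without fail2ban installed. The log lines are constructed, their layout is inferred from the failregex, and HOST_GROUP is a simplified IPv4-only stand-in for fail2ban's <HOST> tag.

```python
import re

# Values taken from the filter and jail in the comment above.
FAILREGEX = r"^Failed login for user (.*) from <HOST> at"
MAXRETRY = 5

# Assumption: IPv4-only stand-in for fail2ban's <HOST> tag, which really
# expands to a broader pattern (IPv6 addresses, hostnames).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Constructed sample lines (documentation address ranges). The sixth line
# has a username that itself contains "from <ip> at"; the last line is a
# non-failure entry in an assumed format.
SAMPLE_LOG = """\
Failed login for user 'admin' from 203.0.113.7 at 2018-03-01 10:00:01
Failed login for user 'admin' from 203.0.113.7 at 2018-03-01 10:00:03
Failed login for user 'root' from 203.0.113.7 at 2018-03-01 10:00:05
Failed login for user 'test' from 203.0.113.7 at 2018-03-01 10:00:07
Failed login for user 'alice' from 192.0.2.10 at 2018-03-01 10:00:08
Failed login for user 'x from 198.51.100.9 at' from 203.0.113.7 at 2018-03-01 10:00:09
Failed login for user 'alice' from 192.0.2.10 at 2018-03-01 10:01:30
Successful login for user 'alice' from 192.0.2.10 at 2018-03-01 10:02:00
""".splitlines()


def failed_hosts(lines, failregex=FAILREGEX):
    """Return the host captured from every line the failregex matches."""
    rx = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    # The greedy (.*) backtracks from the end of the line, so the captured
    # host is the last "from <ip> at", i.e. the address the application
    # appended, not text that arrived inside the username field.
    return [m.group("host") for m in map(rx.search, lines) if m]


def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Hosts whose failure count reaches maxretry (findtime is ignored)."""
    hits = failed_hosts(lines)
    return sorted(h for h in set(hits) if hits.count(h) >= maxretry)


if __name__ == "__main__":
    hits = failed_hosts(SAMPLE_LOG)
    for host in sorted(set(hits)):
        print(f"{host}: {hits.count(host)} failed login(s)")
    print("would be banned:", hosts_to_ban(SAMPLE_LOG))
```

On a server with fail2ban installed, the fail2ban-regex command from the comment remains the authoritative test, since it uses the real <HOST> expansion and date handling.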