Fail2ban for pure-ftp

Discussion in 'General' started by wxman, Nov 14, 2009.

  1. wxman

    wxman New Member

    I'm looking for anyone who has had luck getting fail2ban to work with pure-ftp. I keep getting log entries like:
    Code:
    Nov 14 15:39:05 web1 pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [administrator]
    Nov 14 15:39:18 web1 pure-ftpd: ([email protected]) [INFO] PAM_RHOST enabled. Getting the peer address
    Nov 14 15:39:20 web1 pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [administrator]
    Nov 14 15:39:32 web1 pure-ftpd: ([email protected]) [INFO] PAM_RHOST enabled. Getting the peer address
    Nov 14 15:39:34 web1 pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [administrator]
    
    my fail2ban failregex for pure-ftpd is now:
    Code:
    failregex = pure-ftpd(?:\[\d+\])?: ([email protected]<HOST>\)) \[WARNING\] %(__errmsg)s \[.+\]$
    failregex = pure-ftpd(?:\[\d+\])?: ([email protected]<HOST>\)) \[INFO\] %(__errmsg)s \[.+\]$
    
    So far I haven't blocked a single one.
     
  2. damir

    damir New Member

  3. wxman

    wxman New Member

Share This Page