Fail2Ban IpTables Error

Discussion in 'Server Operation' started by zgjonbalaj, Mar 29, 2012.

  1. zgjonbalaj

    zgjonbalaj New Member

    Any idea on why this is happening?

    Code:
    2012-03-28 23:03:35,529 fail2ban.jail : INFO Creating new jail 'courierpop3s'
    2012-03-28 23:03:35,529 fail2ban.jail : INFO Jail 'courierpop3s' uses Gamin
    2012-03-28 23:03:35,531 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2012-03-28 23:03:35,532 fail2ban.filter : INFO Set maxRetry = 5
    2012-03-28 23:03:35,535 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:03:35,536 fail2ban.actions: INFO Set banTime = 260000
    2012-03-28 23:03:35,543 fail2ban.jail : INFO Creating new jail 'courierimap'
    2012-03-28 23:03:35,543 fail2ban.jail : INFO Jail 'courierimap' uses Gamin
    2012-03-28 23:03:35,545 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2012-03-28 23:03:35,546 fail2ban.filter : INFO Set maxRetry = 5
    2012-03-28 23:03:35,549 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:03:35,550 fail2ban.actions: INFO Set banTime = 260000
    2012-03-28 23:03:35,557 fail2ban.jail : INFO Creating new jail 'courierimaps'
    2012-03-28 23:03:35,557 fail2ban.jail : INFO Jail 'courierimaps' uses Gamin
    2012-03-28 23:03:35,559 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2012-03-28 23:03:35,560 fail2ban.filter : INFO Set maxRetry = 5
    2012-03-28 23:03:35,563 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:03:35,564 fail2ban.actions: INFO Set banTime = 260000
    2012-03-28 23:03:35,572 fail2ban.jail : INFO Jail 'ssh' started
    2012-03-28 23:03:35,575 fail2ban.jail : INFO Jail 'sasl' started
    2012-03-28 23:03:35,579 fail2ban.jail : INFO Jail 'pureftpd' started
    2012-03-28 23:03:35,586 fail2ban.jail : INFO Jail 'courierpop3' started
    2012-03-28 23:03:35,592 fail2ban.jail : INFO Jail 'courierpop3s' started
    2012-03-28 23:03:35,599 fail2ban.jail : INFO Jail 'courierimap' started
    2012-03-28 23:03:35,603 fail2ban.actions.action: ERROR iptables -N fail2ban-pureftpd
    iptables -A fail2ban-pureftpd -j RETURN
    iptables -I INPUT -p tcp -m multiport --dports ftp -j fail2ban-pureftpd returned 400
    2012-03-28 23:03:35,607 fail2ban.jail : INFO Jail 'courierimaps' started
    2012-03-28 23:04:23,665 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports pop3s -j fail2ban-courierpop3s
    iptables -F fail2ban-courierpop3s
    iptables -X fail2ban-courierpop3s returned 100
    2012-03-28 23:04:23,666 fail2ban.jail : INFO Jail 'courierpop3s' stopped
    2012-03-28 23:04:24,674 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports imap2 -j fail2ban-courierimap
    iptables -F fail2ban-courierimap
    iptables -X fail2ban-courierimap returned 100
    2012-03-28 23:04:24,675 fail2ban.jail : INFO Jail 'courierimap' stopped
    2012-03-28 23:04:25,646 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh
    iptables -F fail2ban-ssh
    iptables -X fail2ban-ssh returned 100
    2012-03-28 23:04:25,646 fail2ban.jail : INFO Jail 'ssh' stopped
    2012-03-28 23:04:25,686 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports imaps -j fail2ban-courierimaps
    iptables -F fail2ban-courierimaps
    iptables -X fail2ban-courierimaps returned 100
    2012-03-28 23:04:25,686 fail2ban.jail : INFO Jail 'courierimaps' stopped
    2012-03-28 23:04:26,667 fail2ban.jail : INFO Jail 'pureftpd' stopped
    2012-03-28 23:04:27,653 fail2ban.jail : INFO Jail 'sasl' stopped
    2012-03-28 23:04:28,636 fail2ban.jail : INFO Jail 'courierpop3' stopped
    2012-03-28 23:04:28,638 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.5
    2012-03-28 23:04:28,639 fail2ban.jail : INFO Creating new jail 'ssh'
    2012-03-28 23:04:28,639 fail2ban.jail : INFO Jail 'ssh' uses Gamin
    2012-03-28 23:04:28,640 fail2ban.filter : INFO Added logfile = /var/log/auth.log
    2012-03-28 23:04:28,641 fail2ban.filter : INFO Set maxRetry = 6
    2012-03-28 23:04:28,645 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:04:28,646 fail2ban.actions: INFO Set banTime = 260000
    2012-03-28 23:04:28,665 fail2ban.jail : INFO Creating new jail 'sasl'
    2012-03-28 23:04:28,666 fail2ban.jail : INFO Jail 'sasl' uses Gamin
    2012-03-28 23:04:28,668 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2012-03-28 23:04:28,669 fail2ban.filter : INFO Set maxRetry = 5
    2012-03-28 23:04:28,673 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:04:28,673 fail2ban.actions: INFO Set banTime = 260000
    2012-03-28 23:04:28,680 fail2ban.jail : INFO Creating new jail 'pureftpd'
    2012-03-28 23:04:28,680 fail2ban.jail : INFO Jail 'pureftpd' uses Gamin
    2012-03-28 23:04:28,682 fail2ban.filter : INFO Added logfile = /var/log/syslog
    2012-03-28 23:04:28,682 fail2ban.filter : INFO Set maxRetry = 5
    2012-03-28 23:04:28,686 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:04:28,687 fail2ban.actions: INFO Set banTime = 260000
    2012-03-28 23:04:28,693 fail2ban.jail : INFO Creating new jail 'courierpop3'
    2012-03-28 23:04:28,694 fail2ban.jail : INFO Jail 'courierpop3' uses Gamin
    2012-03-28 23:04:28,695 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2012-03-28 23:04:28,696 fail2ban.filter : INFO Set maxRetry = 5
    2012-03-28 23:04:28,700 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:04:28,700 fail2ban.actions: INFO Set banTime = 260000
    2012-03-28 23:04:28,707 fail2ban.jail : INFO Creating new jail 'courierpop3s'
    2012-03-28 23:04:28,707 fail2ban.jail : INFO Jail 'courierpop3s' uses Gamin
    2012-03-28 23:04:28,708 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2012-03-28 23:04:28,709 fail2ban.filter : INFO Set maxRetry = 5
    2012-03-28 23:04:28,713 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:04:28,714 fail2ban.actions: INFO Set banTime = 260000
    2012-03-28 23:04:28,720 fail2ban.jail : INFO Creating new jail 'courierimap'
    2012-03-28 23:04:28,720 fail2ban.jail : INFO Jail 'courierimap' uses Gamin
    2012-03-28 23:04:28,722 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2012-03-28 23:04:28,723 fail2ban.filter : INFO Set maxRetry = 5
    2012-03-28 23:04:28,727 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:04:28,727 fail2ban.actions: INFO Set banTime = 260000
    2012-03-28 23:04:28,734 fail2ban.jail : INFO Creating new jail 'courierimaps'
    2012-03-28 23:04:28,734 fail2ban.jail : INFO Jail 'courierimaps' uses Gamin
    2012-03-28 23:04:28,736 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2012-03-28 23:04:28,736 fail2ban.filter : INFO Set maxRetry = 5
    2012-03-28 23:04:28,740 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:04:28,741 fail2ban.actions: INFO Set banTime = 260000
    2012-03-28 23:04:28,748 fail2ban.jail : INFO Jail 'ssh' started
    2012-03-28 23:04:28,752 fail2ban.jail : INFO Jail 'sasl' started
    2012-03-28 23:04:28,758 fail2ban.jail : INFO Jail 'pureftpd' started
    2012-03-28 23:04:28,764 fail2ban.jail : INFO Jail 'courierpop3' started
    2012-03-28 23:04:28,766 fail2ban.actions.action: ERROR iptables -N fail2ban-sasl
    iptables -A fail2ban-sasl -j RETURN
    iptables -I INPUT -p tcp -m multiport --dports smtp -j fail2ban-sasl returned 200
    2012-03-28 23:04:28,769 fail2ban.jail : INFO Jail 'courierpop3s' started
    2012-03-28 23:04:28,775 fail2ban.jail : INFO Jail 'courierimap' started
    2012-03-28 23:04:28,783 fail2ban.jail : INFO Jail 'courierimaps' started
     
  2. till

    till Super Moderator

    Which Linux distribution?
     
  3. zgjonbalaj

    zgjonbalaj New Member

    Ubuntu 11.10 x64 used the ISPConfig3 Perfect Server Guide!
     
  4. zgjonbalaj

    zgjonbalaj New Member

    This is the latest log. Ive tried restarting and rebooting the system. Nothing seems to work. Ive tried going online many people suggesting different things thought id double check here before i do anything.

    Code:
    2012-03-28 23:34:28,082 fail2ban.jail : INFO Jail 'ssh' started
    2012-03-28 23:34:28,086 fail2ban.jail : INFO Jail 'sasl' started
    2012-03-28 23:34:28,090 fail2ban.jail : INFO Jail 'pureftpd' started
    2012-03-28 23:34:28,098 fail2ban.jail : INFO Jail 'courierpop3' started
    2012-03-28 23:34:28,106 fail2ban.jail : INFO Jail 'courierpop3s' started
    2012-03-28 23:34:28,113 fail2ban.jail : INFO Jail 'courierimap' started
    2012-03-28 23:34:28,120 fail2ban.jail : INFO Jail 'courierimaps' started
    2012-03-28 23:44:04,712 fail2ban.actions: WARNING [pureftpd] Ban 173.9.110.114
    2012-03-28 23:44:05,412 fail2ban.actions: WARNING [pureftpd] Ban 173.9.110.114
    2012-03-28 23:54:12,369 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports pop3s -j fail2ban-courierpop3s
    iptables -F fail2ban-courierpop3s
    iptables -X fail2ban-courierpop3s returned 100
    2012-03-28 23:54:12,370 fail2ban.jail : INFO Jail 'courierpop3s' stopped
    2012-03-28 23:54:12,380 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports imap2 -j fail2ban-courierimap
    iptables -F fail2ban-courierimap
    iptables -X fail2ban-courierimap returned 100
    2012-03-28 23:54:13,312 fail2ban.jail : INFO Jail 'courierimap' stopped
    2012-03-28 23:54:13,330 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh
    iptables -F fail2ban-ssh
    iptables -X fail2ban-ssh returned 100
    2012-03-28 23:54:14,309 fail2ban.jail : INFO Jail 'ssh' stopped
    2012-03-28 23:54:14,365 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports imaps -j fail2ban-courierimaps
    iptables -F fail2ban-courierimaps
    iptables -X fail2ban-courierimaps returned 100
    2012-03-28 23:54:14,366 fail2ban.jail : INFO Jail 'courierimaps' stopped
    2012-03-28 23:54:15,356 fail2ban.actions: WARNING [pureftpd] Unban 173.9.110.114
    2012-03-28 23:54:15,368 fail2ban.actions.action: ERROR iptables -D fail2ban-pureftpd -s 173.9.110.114 -j DROP returned 100
    2012-03-28 23:54:15,378 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports ftp -j fail2ban-pureftpd
    iptables -F fail2ban-pureftpd
    iptables -X fail2ban-pureftpd returned 100
    2012-03-28 23:54:15,378 fail2ban.jail : INFO Jail 'pureftpd' stopped
    2012-03-28 23:54:16,315 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports smtp -j fail2ban-sasl
    iptables -F fail2ban-sasl
    iptables -X fail2ban-sasl returned 100
    2012-03-28 23:54:16,316 fail2ban.jail : INFO Jail 'sasl' stopped
    2012-03-28 23:54:16,349 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports pop3 -j fail2ban-courierpop3
    iptables -F fail2ban-courierpop3
    iptables -X fail2ban-courierpop3 returned 100
    2012-03-28 23:54:17,307 fail2ban.jail : INFO Jail 'courierpop3' stopped
    2012-03-28 23:54:17,310 fail2ban.server : INFO Exiting Fail2ban
    2012-03-28 23:54:17,870 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.5
    2012-03-28 23:54:17,871 fail2ban.jail : INFO Creating new jail 'ssh'
    2012-03-28 23:54:17,873 fail2ban.jail : INFO Jail 'ssh' uses Gamin
    2012-03-28 23:54:17,891 fail2ban.filter : INFO Added logfile = /var/log/auth.log
    2012-03-28 23:54:17,892 fail2ban.filter : INFO Set maxRetry = 6
    2012-03-28 23:54:17,893 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:54:17,893 fail2ban.actions: INFO Set banTime = 86400
    2012-03-28 23:54:17,941 fail2ban.jail : INFO Creating new jail 'sasl'
    2012-03-28 23:54:17,942 fail2ban.jail : INFO Jail 'sasl' uses Gamin
    2012-03-28 23:54:17,943 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2012-03-28 23:54:17,944 fail2ban.filter : INFO Set maxRetry = 5
    2012-03-28 23:54:17,945 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:54:17,946 fail2ban.actions: INFO Set banTime = 86400
    2012-03-28 23:54:17,954 fail2ban.jail : INFO Creating new jail 'pureftpd'
    2012-03-28 23:54:17,954 fail2ban.jail : INFO Jail 'pureftpd' uses Gamin
    2012-03-28 23:54:17,955 fail2ban.filter : INFO Added logfile = /var/log/syslog
    2012-03-28 23:54:17,956 fail2ban.filter : INFO Set maxRetry = 5
    2012-03-28 23:54:17,957 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:54:17,958 fail2ban.actions: INFO Set banTime = 86400
    2012-03-28 23:54:17,965 fail2ban.jail : INFO Creating new jail 'courierpop3'
    2012-03-28 23:54:17,965 fail2ban.jail : INFO Jail 'courierpop3' uses Gamin
    2012-03-28 23:54:17,967 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2012-03-28 23:54:17,967 fail2ban.filter : INFO Set maxRetry = 5
    2012-03-28 23:54:17,969 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:54:17,969 fail2ban.actions: INFO Set banTime = 86400
    2012-03-28 23:54:17,976 fail2ban.jail : INFO Creating new jail 'courierpop3s'
    2012-03-28 23:54:17,976 fail2ban.jail : INFO Jail 'courierpop3s' uses Gamin
    2012-03-28 23:54:17,978 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2012-03-28 23:54:17,979 fail2ban.filter : INFO Set maxRetry = 5
    2012-03-28 23:54:17,980 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:54:17,980 fail2ban.actions: INFO Set banTime = 86400
    2012-03-28 23:54:17,988 fail2ban.jail : INFO Creating new jail 'courierimap'
    2012-03-28 23:54:17,988 fail2ban.jail : INFO Jail 'courierimap' uses Gamin
    2012-03-28 23:54:17,989 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2012-03-28 23:54:17,990 fail2ban.filter : INFO Set maxRetry = 5
    2012-03-28 23:54:17,991 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:54:17,992 fail2ban.actions: INFO Set banTime = 86400
    2012-03-28 23:54:17,999 fail2ban.jail : INFO Creating new jail 'courierimaps'
    2012-03-28 23:54:17,999 fail2ban.jail : INFO Jail 'courierimaps' uses Gamin
    2012-03-28 23:54:18,001 fail2ban.filter : INFO Added logfile = /var/log/mail.log
    2012-03-28 23:54:18,001 fail2ban.filter : INFO Set maxRetry = 5
    2012-03-28 23:54:18,002 fail2ban.filter : INFO Set findtime = 600
    2012-03-28 23:54:18,003 fail2ban.actions: INFO Set banTime = 86400
    2012-03-28 23:54:18,011 fail2ban.jail : INFO Jail 'ssh' started
    2012-03-28 23:54:18,015 fail2ban.jail : INFO Jail 'sasl' started
    2012-03-28 23:54:18,018 fail2ban.jail : INFO Jail 'pureftpd' started
    2012-03-28 23:54:18,023 fail2ban.jail : INFO Jail 'courierpop3' started
    2012-03-28 23:54:18,036 fail2ban.jail : INFO Jail 'courierpop3s' started
    2012-03-28 23:54:18,040 fail2ban.jail : INFO Jail 'courierimap' started
    2012-03-28 23:54:18,044 fail2ban.jail : INFO Jail 'courierimaps' started
    2012-03-28 23:59:06,361 fail2ban.actions: WARNING [pureftpd] Unban 173.9.110.114
    2012-03-28 23:59:06,374 fail2ban.actions.action: ERROR iptables -D fail2ban-pureftpd -s 173.9.110.114 -j DROP returned 100
    2012-03-29 06:25:06,119 fail2ban.filter : INFO Log rotation detected for /var/log/syslog
    2012-03-29 06:25:06,141 fail2ban.filter : INFO Log rotation detected for /var/log/syslog
    2012-03-29 18:44:03,687 fail2ban.actions: WARNING [ssh] Ban 182.72.180.90
    2012-03-29 18:44:03,939 fail2ban.actions: WARNING [ssh] Ban 182.72.180.90
    2012-03-29 18:59:04,888 fail2ban.actions: WARNING [ssh] Unban 182.72.180.90
    2012-03-29 22:34:51,158 fail2ban.actions: WARNING [ssh] Ban 187.8.0.54
    2012-03-29 22:34:51,341 fail2ban.actions: WARNING [ssh] Ban 187.8.0.54
    2012-03-29 22:49:52,290 fail2ban.actions: WARNING [ssh] Unban 187.8.0.54
     
  5. zgjonbalaj

    zgjonbalaj New Member

Share This Page