Questions tagged [fail2ban]

FAIL2BAN QUESTIONS MUST BE PROGRAMMING RELATED. Fail2ban scans log files and bans IPs that show malicious signs.

Fail2ban scans log files, such as /var/log/apache/error_log, and bans IPs that show malicious signs. These signs include too many password failures, requests for admin pages, probing for exploits, etc.

Fail2ban Wiki.

269 questions
0
votes
1 answer

Fail2Ban regex for EXIM (TCP/IP connection count)

I am trying to create a regex condition for the exim filter of Fail2Ban. In my exim log, I have entries like this: 2014-11-27 17:09:05 SMTP connection from [42.117.255.244] (TCP/IP connection count = 1) 2014-11-27 17:09:14 SMTP connection from…
Bogdan Stoica
0
votes
1 answer

Fail2ban regex for exim

I have tried to write a regex for fail2ban for my exim mail server but I can't seem to get any matches, even on the rejected logfile. Here is a line from my exim_mainlog: 2014-09-18 16:34:30 dovecot_login authenticator failed for…
user3778695
0
votes
2 answers

fail2ban regular to find 403 request in nginx

I want to find the 403 requests and ban them. Here is my log format: 112.253.6.182 - - [08/Sep/2014:17:42:56 -0400] "GET / HTTP/1.1" 403 579 "baidu" "Mozilla/4.0" 50.117.86.72 106.37.177.251 - - [08/Sep/2014:17:42:56 -0400] "GET /index.php HTTP/1.1"…
Feng
0
votes
1 answer

Web server attacked by redirected traffic

Currently my webserver which is only used for my personal site is being overloaded with redirected traffic. I'm trying to use fail2ban to reduce the load but my Regex is not that great. Below is a sample of my access log 142.4.113.210 - -…
mmorley
0
votes
1 answer

How to access Seafile server in a virtual machine through IPtables?

I have installed Seafile-server 3.0.4 64bit on a Ubuntu-server 14.04 with default ports settings (i.e. 8000, 8082, 10001, 12001) but fail to access the instance with the client. Infrastructure The Ubuntu-server is running as a KVM machine on a…
Édouard Lopez
-1
votes
1 answer

Error while running python3-fail2ban with "PY_SSIZE_T_CLEAN macro must be defined for '#' formats"

I'm trying to run the python3-fail2ban component built by yocto, but I'm encountering an error related to the PY_SSIZE_T_CLEAN macro. The error message is PY_SSIZE_T_CLEAN macro must be defined for '#' formats. I've looked into the issue and found…
zaheerk
-1
votes
1 answer

fail2ban failregex for citadel mail server not working

Sample syslog entry May 13 19:43:30 mail citserver[67267]: citserver[67267]: user_ops: bad password specified for <> Service Port <25> Remote <119.96.245.49.unknown.m1.com.sg / 49.245.96.119> Failing fail2ban failregex failregex =…
ksimp
-1
votes
2 answers

Ansible: How to ensure that the fail2ban service is enabled on the remote server?

This is my task. - name: Ensure fail2ban is running and enabled. ansible.builtin.service: name: fail2ban state: started enabled: true I am getting this error. 'fatal: [localhost]: FAILED! => {"changed": false, "msg": "get_service_tools…
-1
votes
1 answer

How to add MySQL filter to fail2ban on Plesk?

As you have noticed, Plesk doesn't come with a MySQL filter integrated natively for fail2ban, so we are not able to create a jail for this service. There is a way to add it but is not so elegant. What can I do to add support for MySQL on fail2ban…
JuliSmz
-1
votes
1 answer

using fail2ban with website cloudflare are not working

I've installed apache2 + fail2ban and I linked my website with Cloudflare. So I did apply some new regex to fail2ban to ban IPs that request the 403 Forbidden error message many times. I've tested the rule with my ip server work…
Dr Jay
-1
votes
1 answer

Regex for "wp-admin" "wp-login" entries in syslog trying on drupal sites

I am looking for a fail2ban regex (or two) to find the wp-admin and wp-login attempts on Drupal sites. The regex should find "drupal:" and "page not found" and ("wp-admin" or "wp-login"). The problem for me is the "and" conditions. The logfile…
etron770
-1
votes
1 answer

Protecting VPS with fail2ban

I have a VPS running Ubuntu 20.04 that I'm trying to set up as an SSH server. On my first try I got overrun by Chinese bots. I deleted everything and started from scratch. I installed and set up fail2ban, currently on about 2000 banned IPs. I removed…
Andy
-1
votes
3 answers

Blocking requests on postfix (fail2ban)

I see the same non-SMTP requests in my maillog and I can't figure out what is missing so those requests can be blocked. fail2ban is set up and I have configured a jail.local file. How can I block those 6 requests: Feb 10 10:58:57 host …
-1
votes
1 answer

fail2ban pattern for non-digit character matches input with digit

This is my input string: myserver:/etc/fail2ban # cat one_line.txt 12.123.123.12 - - [25/Jul/2017:09:26:40 +0200] "GET /a/path/file.html HTTP/1.1" 200 1450 "http://example.com/a/path/file.html" "Mozilla/5.0 (Windows NT 6.1; Win64; x64)…
catweazle
-1
votes
1 answer

Blocking an incoming foreign address with fail2ban or iptables

I am trying to ban an "IP address" or hostname (I don't know what this is): static.40.25.69.1 from my Ubuntu droplet, but without any luck. Banning IP addresses was easy, but I can't manage to do anything with the given address. The given address is…
trix87