Questions tagged [fail2ban]

FAIL2BAN QUESTIONS MUST BE PROGRAMMING RELATED.

Fail2ban scans log files, like /var/log/apache/error_log, and bans IPs that show malicious signs. The signs include too many password failures, requesting admin pages, seeking exploits, etc.

Fail2ban Wiki.

269 questions
-1
votes
1 answer

How to secure RStudio server by fail2ban?

I have installed an RStudio server which allows for online login and programming from within the browser. Does anyone have experience with securing the server using fail2ban?
MortenM
-1
votes
1 answer

fail2ban ipv6 support doesn't work

I've installed fail2ban on my web hosting and it is monitoring WordPress login attempts through the access_log file. Once I configured fail2ban to filter wp logins with this regexp: failregex = ^ .* "POST /wp-login.php ... the attack was…
moisesbelda
-1
votes
1 answer

linux fail2ban how to remove all banned ips

I am running CentOS 7 (firewalld not iptables) with the fail2ban v0.9.3. How do I clear all bans without doing them one by one?
prophoto
-1
votes
1 answer

Ban IP's trying to access specific file possible?

Is it possible to ban a user (IP) if that IP tries to access a specific file? I had a site that was hacked and sent out spam. The compromised files have now been cleaned/removed. I still get a lot of 404s from IPs trying to access some of those…
Dyvel
-1
votes
1 answer

Fail2ban regex on a variable string

I'm getting mad! I want to make a rule to match the "5.7.1" from the postfix "reject body" string and then ban the IP. Here is the string from maillog. Sep 10 08:04:57 server postfix/cleanup[11430]: 7793A80D7F97: reject: body Se non desiderate…
-1
votes
1 answer

Fail2Ban fails to ban Asterisk Errors

I have fail2ban 0.9.1 with Asterisk 11 on Fedora 21 using IPTables. The IP addresses that attack my server are not getting written to IP Tables automatically (see below about them working when manually running banip). Do you see any errors that…
SchroedingersCat
-1
votes
2 answers

fail2ban - asterisk not able to ban this string without an ip for registration attempts

I have installed fail2ban and configured it for Asterisk, and it's working fine. But there is a registration attempt which is consistent, and fail2ban is unable to ban it as it does not match any regex statements, I think. The registration attempt…
Nitesh
-1
votes
1 answer

Optimizing firewall rules processing

I'm using fail2ban to block failed login attempts on my server. The block is performed using IP tables with the following configuration: actionstart = iptables -N fail2ban iptables -A fail2ban -j RETURN iptables -I…
Jay
-1
votes
1 answer

Fail2Ban is unable to block ip after multiple try

I have installed fail2ban on my Linux server, version RHEL5.4. It's not blocking IPs after the max retry limit as described in jail.conf. When I try to restart fail2ban I get the following error message. /etc/init.d/fail2ban restart Stopping fail2ban: [ …
Altmish-E-Azam
-2
votes
1 answer

fail2ban regular expression for asterisk 19

I have an Asterisk server that is attacked. There is a fail2ban jail for the Asterisk logs but the configuration does not pick up this situation: [2023-07-27 11:25:57] NOTICE[152571] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"213"…
Fabianus
-2
votes
1 answer

Use fail2ban to allow only specific ip to connect to mail account

We would like to give access to a specific mail address on our server (postfix and dovecot) only from a specific IP address. My idea was to use fail2ban for that. What could a filter look like for that?
MrYeti
-2
votes
1 answer

Fail2Ban filter to ignore specific usernames in postfix and dovecot

One of our clients has a wrongly configured device which sends a wrong username. He cannot find the device, so fail2ban keeps blocking him. When we add the IP to the whitelist it works, but he gets banned again when his router sets a new IP…
MrYeti
-2
votes
1 answer

Asterisk 13.x and fail2ban regex string

After upgrading FreePBX, fail2ban does not work. This is based on Asterisk version 13.19.1. Asterisk-iptables is set up in fail2ban, but misses the login attempts.
Luci
-2
votes
1 answer

fail2ban jail not being enabled

I want to secure my Debian server with Fail2Ban v0.9.6. So I created the following entries in the newly created file /etc/fail2ban/jail.local [nextcloud-trusted] enable = true port = http,https logpath = /var/nextcloud/data/nextcloud.log maxretry =…
herhuf