Questions tagged [fail2ban]

FAIL2BAN QUESTIONS MUST BE PROGRAMMING RELATED.

Fail2ban scans log files, like /var/log/apache/error_log, and bans IPs that show malicious signs. The signs include too many password failures, requests for admin pages, probing for exploits, etc.

Fail2ban Wiki.

269 questions
4
votes
1 answer

Oddities in fail2ban regex

This appears to be a bug in fail2ban, with different behaviour between the fail2ban-regex tool and a failregex filter. I am attempting to develop a new regex rule for fail2ban, to match: \"%20and%20\"x\"%3D\"x When using fail2ban-regex, this appears…
typonaut
  • 301
  • 2
  • 10
4
votes
2 answers

Fail2ban not blocking IP

I've installed Fail2ban and am trying to get it to block IPs. According to the logs it's detecting SSH scans and adding the IP addresses to the ban list, but I can still SSH in from a test IP on the internet that is on the banned list. OS = openSUSE…
Greg
  • 1,715
  • 5
  • 27
  • 36
3
votes
1 answer

How to implement Fail2Ban inside a Docker container running Nginx

I am trying to implement fail2ban inside my docker environment that uses my Nginx logs. <-- I may in the future just target the entire traefik logs. version: '3' services: fail2ban: image: 'crazymax/fail2ban:latest' restart: 'always' …
Jaquarh
  • 6,493
  • 7
  • 34
  • 86
3
votes
2 answers

fail2ban - how to ban ip permanently after it was banned 3 times temporarily

Have set up fail2ban service on CentOS 8 by this tutorial: https://www.cyberciti.biz/faq/how-to-protect-ssh-with-fail2ban-on-centos-8/. I have set up settings similarly according to tutorial above like this: [DEFAULT] # Ban IP/hosts for 24 hour (…
Wortig
  • 963
  • 2
  • 11
  • 37
3
votes
1 answer

Fail2ban Regex - not matching lines in log file

I am trying to create a fail2ban regex against this string: [2020-Nov-10 16:13:35] [freepbx_security.NOTICE]: Authentication failure for S from 109.38.128.48 [] [] What I've created so far is this regex: \[.*\] \[freepbx_security\.NOTICE\]:…
NielsL
  • 31
  • 3
3
votes
1 answer

fail2ban: how much time remaining on ban?

With fail2ban, is there a way to query how much time is remaining on an IP ban? fail2ban-client bantime shows what the original “sentence” was for, but how do I find out how much time remains before “parole”?
MGH
  • 131
  • 2
  • 7
3
votes
2 answers

Is it possible to make fail2ban ignore google?

I need to use fail2ban due to many attack attempts on my server, I also have filters that I had to activate/create to block attack attempts. But now I'm pretty sure that some google ip ends up in the jail of my fail2ban... I added some ip in the…
alebal
  • 5,838
  • 3
  • 10
  • 28
3
votes
3 answers

How to understand if the fail2ban ssh filter is working with a new port?

I changed my ssh port (for security reasons), and I added these lines to my file: /etc/fail2ban/jail.local [sshd] enabled = true port = 18249 #port = ssh,sftp,18249 Now when I run this command: sudo fail2ban-client status sshd I get this…
alebal
  • 5,838
  • 3
  • 10
  • 28
3
votes
1 answer

Using Nginx honeypot and using blacklist, firewall block ip or fail2ban

Using Nginx honeypot and using blacklist, firewall block ip or fail2ban So we have this server and we see 1000's of probes everyday. Funny thing is they all 'try' at least the same basic uri's like \admin and \wp-admin and \control and \mysqladmin…
snh_nl
  • 2,877
  • 6
  • 32
  • 62
3
votes
1 answer

Is it safe to remove fail2ban.git after installation?

I have installed Fail2ban via: git clone https://github.com/fail2ban/fail2ban.git cd fail2ban sudo python setup.py install Everything works fine. Is it now safe to remove fail2ban.git file from my home directory?
Denis Rasulev
  • 3,744
  • 4
  • 33
  • 47
3
votes
2 answers

Fail2Ban how to match any string

I have a very simple situation but I can't figure out how regex works... I have an application generating a log only when a login problem occurs. So there is no line in log except in case of wrong login or in case of attempt to reset a password too…
user2244705
  • 361
  • 4
  • 16
3
votes
1 answer

Cloudflare Error 502 Bad Gateway - Nginx - Laravel5

Lately, as soon as I logged into my site's dashboard, I kept getting this screen. How do I prevent this? I am using CloudFlare on top of my Nginx. I used to use Fail2Ban, but I disabled it. [nginx-req-limit] enabled = false filter =…
code-8
  • 54,650
  • 106
  • 352
  • 604
3
votes
1 answer

Fail2Ban make a POST via cURL

I have Fail2Ban installed on my Ubuntu VM. I successfully configured it, and I get emails when a ban is detected. Is it possible to configure Fail2Ban to trigger a curl POST request after sending mail? Does Fail2Ban allow something like that?…
code-8
  • 54,650
  • 106
  • 352
  • 604
3
votes
1 answer

Fail2ban not using sender in jail.conf

I am trying to change the sender of Fail2ban email notifications to a separate domain. Inside /etc/fail2ban/jail.local I specify: sender = no-reply@externaldomain.com mta = mail However, when I restart the service, emails are still being sent from…
JoaMika
  • 1,727
  • 6
  • 32
  • 61
3
votes
3 answers

Can't enable fail2ban jail sshd

When I enable the sshd jail I see: Starting fail2ban: ERROR NOK: ("Failed to initialize any backend for Jail 'sshd'",) ERROR NOK: ('sshd',) In logs: ERROR Backend 'systemd' failed to initialize due to No module named systemd ERROR Failed to initialize…
Kirill K
  • 335
  • 1
  • 6
  • 21