
Resolved Fail2ban fails, no ip rotate

daanse

Regular Pleskian
Hi,
since ... one hour I always have the same IPs in that list.
Exactly 160 IPs (which is quite a lot I think)
and some specific IPs from customers' home internet just don't want to get activated again.
F2b bantime is set to 10 minutes.
What am I missing?

I have to say, this server is a little huge... 300 domains
Can I tune my filters to work for a large server?

Plesk 12.5
Debian 8
..
 
Hi daanse,

> Exactly 160 IPs (which is quite a lot I think)

well... no... it is not "a lot", according to

> I have to say, this server is a little huge... 300 domains

Pls. consider the usage of the jail "recidive", so that returning intruders/bots get banned for a longer time (pls. use a custom ban-time here, which could be a reasonable 3-month/6-month, or even a ban-time for one year for example!).

> and some specific IPs from customers' home internet just don't want to get activated again.

You should consider investigating possible issues/errors/problems from your Fail2Ban log, and pls. keep in mind that a higher log level, defined in "fail2ban.conf":
Code:
...
[Definition]
# Option: loglevel
# Notes.: Set the log level output.
#         CRITICAL
#         ERROR
#         WARNING
#         NOTICE
#         INFO
#         DEBUG
# Values: [ LEVEL ]  Default: ERROR
#
loglevel = INFO
...
... can lead to more verbose output in your log, for further investigations. ;)
In addition, it would really help your customers (and yourself!) if you try to investigate WHY the customer's IP got banned and by which filter. Consider inspecting domain-specific log files for issues/errors/problems, and pls. keep in mind that it helps to use a "fail2ban-regex" command, for example:

Global example for domain-specific searches:

fail2ban-regex /var/www/vhosts/system/*/logs/*log /etc/fail2ban/filter.d/YOUR-FILTER-NAME.conf --print-all-matched
Specific example:


fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf --print-all-matched


Help command for "fail2ban-regex", to list possible options:

fail2ban-regex --help
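
An added example, not part of the original posts: a shell function that reads fail2ban log lines and lists every IP whose latest event in a jail is a Ban, which shows which jail (for instance "recidive" with a long ban-time) is still holding a customer's address. It assumes event lines ending in `[jail] Ban <ip>` or `[jail] Unban <ip>`; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find bans that were never lifted, per jail.
# Assumption: ban events look like "... [<jail>] Ban <ip>" and
# "... [<jail>] Unban <ip>", with date and time as the first two fields.

# Output: "<jail> <ip> <ban-count> <date> <time-of-last-ban>" for each
# jail/IP pair whose most recent event is a Ban.
f2b_open_bans() {
    awk '
    {
        for (i = 2; i < NF; i++) {
            if (($i == "Ban" || $i == "Unban") && $(i-1) ~ /^\[.*\]$/) {
                jail = substr($(i-1), 2, length($(i-1)) - 2)
                key = jail " " $(i+1)
                if ($i == "Ban") {
                    active[key] = 1; bans[key]++; last[key] = $1 " " $2
                } else {
                    active[key] = 0
                }
                break
            }
        }
    }
    END {
        for (key in active)
            if (active[key]) print key, bans[key], last[key]
    }' "$@" | sort
}

# Constructed sample log (documentation IP ranges, made-up timestamps).
f2b_sample_log() {
    cat <<'EOF'
2016-01-10 09:00:01,100 fail2ban.actions[812]: WARNING [sshd] Ban 192.0.2.10
2016-01-10 09:10:01,200 fail2ban.actions[812]: WARNING [sshd] Unban 192.0.2.10
2016-01-10 09:30:12,300 fail2ban.actions[812]: WARNING [sshd] Ban 192.0.2.10
2016-01-10 09:31:00,400 fail2ban.actions[812]: WARNING [recidive] Ban 192.0.2.10
2016-01-10 09:40:12,500 fail2ban.actions[812]: WARNING [sshd] Unban 192.0.2.10
2016-01-10 09:45:00,600 fail2ban.actions[812]: WARNING [sshd] Ban 198.51.100.7
2016-01-10 09:46:00,700 fail2ban.filter[812]: INFO Log rotation detected
EOF
}

# Demo on the sample; on a real server pass the log file(s) as arguments,
# e.g. f2b_open_bans /var/log/fail2ban.log (default path assumed).
f2b_sample_log | f2b_open_bans
```

In the sample, 192.0.2.10 was released by the short-lived jail both times but is still held by "recidive", so a 10-minute bantime on the first jail does not bring it back.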
 