Hi. I'm using 0.8.6-3wheezy3build0.12.04.1 on Ubuntu 12 from repository. Today I ran into a strange issue.

Nov 25 12:37:00 web pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [defaultparters]
Nov 25 12:39:09 web pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [defaultparters]

and in fail2ban:

2015-11-25 12:39:11,790 fail2ban.actions: WARNING [pureftpd] Ban 46.44.1.2

and this is already something wrong, because in my jail.local:

[pureftpd]
enabled = true
port = ftp
filter = pureftpd
logpath = /var/log/syslog
maxretry = 3
bantime = 7200

so, shouldn't it have blocked after the THIRD failed login?

Nevertheless, after 2h:

2015-11-25 14:39:12,528 fail2ban.actions: WARNING [pureftpd] Unban 46.44.1.2

but another weirdness happens later on:

2015-11-25 15:46:13,421 fail2ban.actions: WARNING [pureftpd] Ban 46.44.1.2

weirdness because there is no failed authentication from that IP logged in syslog! How's this possible? Did I do something wrong in the config?

This is my full jail.local:

[DEFAULT]
ignoreip = 127.0.0.1

[pureftpd]
enabled = true
port = ftp
filter = pureftpd
logpath = /var/log/syslog
maxretry = 3
bantime = 7200

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

[sasl]
enabled = true
port = smtp
filter = postfix-sasl
logpath = /var/log/mail.log
maxretry = 3
bantime = 7200

[apache-wordpress]
enabled = true
banaction = iptables-allports
bantime = 7200
port = all
filter = apache-wordpress
logpath = /var/log/apache2/other_vhosts_access.log
maxretry = 5

[apache-joomla]
enabled = false
banaction = iptables-allports
bantime = 7200
port = all
filter = apache-joomla
logpath = /var/log/apache2/other_vhosts_access.log
maxretry = 5

--
Lorenzo Milesi - [email protected]
YetOpen S.r.l.
- http://www.yetopen.it/
