I forgot the `findtime` config param. Indeed, within the 10h default timespan there are three failed auths for that IP.

----- Original message -----
> From: "Lorenzo Milesi" <[email protected]>
> To: "fail2ban-users" <[email protected]>
> Sent: Wednesday, 25 November 2015 22:10:02
> Subject: [Fail2ban-users] Ban with apparently no reason

> Hi. I'm using 0.8.6-3wheezy3build0.12.04.1 on Ubuntu 12 from repository. Today I ran into a strange issue.
>
> Nov 25 12:37:00 web pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [defaultparters]
> Nov 25 12:39:09 web pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [defaultparters]
>
> and in fail2ban:
> 2015-11-25 12:39:11,790 fail2ban.actions: WARNING [pureftpd] Ban 46.44.1.2
>
> and this is already something wrong, because in my jail.local:
> [pureftpd]
> enabled = true
> port = ftp
> filter = pureftpd
> logpath = /var/log/syslog
> maxretry = 3
> bantime = 7200
>
> so, shouldn't it have blocked after the THIRD failed login?
> Nevertheless, after 2h:
> 2015-11-25 14:39:12,528 fail2ban.actions: WARNING [pureftpd] Unban 46.44.1.2
>
> but another weirdness happens later on:
> 2015-11-25 15:46:13,421 fail2ban.actions: WARNING [pureftpd] Ban 46.44.1.2
>
> weirdness because there is no failed authentication from that IP logged in syslog!
> How's this possible? Did I do something wrong in the config?
>
> This is my full jail.local:
> [DEFAULT]
> ignoreip = 127.0.0.1
>
> [pureftpd]
> enabled = true
> port = ftp
> filter = pureftpd
> logpath = /var/log/syslog
> maxretry = 3
> bantime = 7200
>
> [dovecot-pop3imap]
> enabled = true
> filter = dovecot-pop3imap
> action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
> logpath = /var/log/mail.log
> maxretry = 5
>
> [sasl]
> enabled = true
> port = smtp
> filter = postfix-sasl
> logpath = /var/log/mail.log
> maxretry = 3
> bantime = 7200
>
> [apache-wordpress]
> enabled = true
> banaction = iptables-allports
> bantime = 7200
> port = all
> filter = apache-wordpress
> logpath = /var/log/apache2/other_vhosts_access.log
> maxretry = 5
>
> [apache-joomla]
> enabled = false
> banaction = iptables-allports
> bantime = 7200
> port = all
> filter = apache-joomla
> logpath = /var/log/apache2/other_vhosts_access.log
> maxretry = 5
>
> --
> Lorenzo Milesi - [email protected]
>
> YetOpen S.r.l. - http://www.yetopen.it/
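
Added example (not part of the original thread and not fail2ban's own code): a simplified sliding-window model of the maxretry/findtime rule discussed above, showing how a failure that is hours old can complete the count for a ban that seems to follow only two visible attempts. The log lines, the address 192.0.2.10, the user name and the names FAIL_RE and find_bans are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed syslog lines in the pure-ftpd style quoted in the thread.
# 192.0.2.10 is a documentation address; the 03:10:41 entry is invented
# to stand for an older failure that is easy to overlook.
SAMPLE_LOG = """\
Nov 25 03:10:41 web pure-ftpd: (?@192.0.2.10) [WARNING] Authentication failed for user [demo]
Nov 25 12:37:00 web pure-ftpd: (?@192.0.2.10) [WARNING] Authentication failed for user [demo]
Nov 25 12:39:09 web pure-ftpd: (?@192.0.2.10) [WARNING] Authentication failed for user [demo]
"""

# Hypothetical pattern for this example only, not the shipped pureftpd filter.
FAIL_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ pure-ftpd: "
    r"\([^@\s]*@([^)\s]+)\) \[WARNING\] Authentication failed"
)

def find_bans(log_text, maxretry, findtime, year=2015):
    """Return [(ip, ban_time)] for hosts with maxretry failures inside findtime seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    bans = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is supplied by the caller
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[m.group(2)]
        window.append(ts)
        # forget failures that are older than findtime relative to this one
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans.append((m.group(2), ts))
            window.clear()        # counting starts again after a ban
    return bans

if __name__ == "__main__":
    for findtime in (600, 36000):  # a short window versus the 10h mentioned above
        print(findtime, find_bans(SAMPLE_LOG, maxretry=3, findtime=findtime))
```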
