On Mon, Dec 21, 2015 at 08:32:38AM +0200, Noel da Costa wrote:
On 21 Dec 2015, at 8:30 AM, Noel da Costa <arcsoftwa...@gmail.com> wrote: Hi, I thought the point of Fail2Ban is that it would “ban” abusers and not allow them to keep retrying? However I keep getting (every 3 seconds) a notification from Fail2Ban about banning the same IP address that has failed 2 login attempts.
Usually, that indicates that your ban isn't banning the attacker. For example, if you configure fail2ban to use iptables, but your firewall isn't iptables-based (or if the fail2ban rules don't get triggered), then the packets will still come through.
Other considerations are that the firewall might only be banning "NEW" connections, and the attacker hasn't (yet) disconnected. Usually, you can configure the server software to disconnect someone after a certain number of failed attempts.
Please advise. ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
-- For more information, please reread.
signature.asc
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
