Your failregex isn't even close to matching the log lines in /var/log/messages:

failregex = Submitting address \[<HOST>\] to the firewall

Feb 17 14:18:42 www drupal[3979]: https://www.clubenaval.org.br/novo|1581949122|user|177.124.244.10|https://www.clubenaval.org.br/novo/?q=frontpage&destination=frontpage|https://www.clubenaval.org.br/novo/index.php|0||Login attempt failed for chmviola.

Try this for your filter:

[Definition]
#failregex = drupal.*|user|\[<HOST>\]|.*Login attempt failed.*$
#failregex = drupal.*\[<HOST>\]
failregex = drupal([^|]*){3}\[<HOST>\].*Login attempt failed.*$
#failregex = drupal.*\|user\|\[<HOST>\].*Login attempt failed.*$

ignoreregex =

The uncommented failregex works.

My test files are in /root/tmp
Running command: fail2ban-regex /root/tmp/drupal.messages /root/tmp/drupal.filter.conf

Running tests
=============

Use   failregex file : /root/tmp/drupal.filter.conf
Use         log file : /root/tmp/drupal.messages
Use         encoding : UTF-8


Results
=======

Failregex: 4 total
|-  #) [# of hits] regular expression
|   1) [4] drupal([^|]*){3}\[<HOST>\].*Login attempt failed.*$
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [5] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
`-

Lines: 5 lines, 0 ignored, *4 matched*, 1 missed
[processed in 0.01 sec]

|- Missed line(s):
|  Feb 17 14:24:46 www drupal[3981]: https://www.clubenaval.org.br/novo|1581949486|user|177.124.244.10|https://www.clubenaval.org.br/novo/?q=area_socio_entrada&destination=node/365|https://www.clubenaval.org.br/novo/?q=area_socio_entrada|15||Session opened for chmviola
`-

Your English is good.
Bill

On 2/17/2020 11:53 AM, Henrique Fagundes wrote:
Dear Dudi,

Excuse me!

Here is the right file:
https://temporario.aprendendolinux.com/fail2ban/filter.d/drupal-auth.conf.txt


  ---- On Mon, 17 Feb 2020 13:13:10 -0300 Dudi Goldenberg <[email protected]> wrote ----
  > Hi,
  >
  > What is the content of drupal-auth.conf? You pasted drupal-comment.conf.
  >
  > Regards,
  >
  > D.
  >
  > -----Original Message-----
  > From: Henrique Fagundes [mailto:[email protected]]
  > Sent: Monday, February 17, 2020 17:41
  > To: Fail2ban Users <[email protected]>
  > Subject: [Fail2ban-users] Blocking Logins in Drupal 7 does not work!
  >
  > Dear Colleagues,
  >
  > Good afternoon!
  >
  > Once again, I come to enlist the help of this group. Some will certainly remember me, with the PhpMyAdmin problem that I ended up solving with the update.
  >
  > Now, I have the same problem with Drupal (and I cannot update it). I can't get fail2ban to stop login attempts with error.
  >
  > What I find strange is that before migrating from server, it used version 0.9.6-2 of fail2ban in Debian 9.12 and it worked correctly.
  >
  > I migrated the server to a CentOS 8.1 running fail2ban in version 0.10.5-2. And after that, the lock does not work.
  >
  > I will share the configuration files with you:
  >
  > /etc/fail2ban/jail.conf:
  > https://temporario.aprendendolinux.com/fail2ban/jail.conf.txt
  >
  > /etc/fail2ban/filter.d/drupal-auth.conf:
  > https://temporario.aprendendolinux.com/fail2ban/filter.d/drupal-comment.conf.txt
  >
  > /var/log/messages:
  > https://temporario.aprendendolinux.com/messages.txt
  >
  > I understand that the correct thing would be for fail2ban to block IP 177.124.244.10 after the third login attempt, but it is not happening.
  >
  > Can anybody help me?
  >
  > I apologize for the possible typos. I am Brazilian and I have difficulties with English.
  >
  >
  > _______________________________________________
  > Fail2ban-users mailing list
  > [email protected]
  > https://lists.sourceforge.net/lists/listinfo/fail2ban-users
  >


_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
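
Added example, not part of the thread or of fail2ban: a Python check of which value a failregex captures as the host on the two log lines quoted above, since a match count alone does not show what would be banned. `HOST` is an assumed, simplified stand-in for fail2ban's `<HOST>` tag, and `FIELD_ANCHORED` and `captured_host` are hypothetical names introduced here.

```python
import re

# The two /var/log/messages lines quoted in the thread (sample input).
FAILED = (
    "Feb 17 14:18:42 www drupal[3979]: https://www.clubenaval.org.br/novo|"
    "1581949122|user|177.124.244.10|"
    "https://www.clubenaval.org.br/novo/?q=frontpage&destination=frontpage|"
    "https://www.clubenaval.org.br/novo/index.php|0||"
    "Login attempt failed for chmviola."
)
OPENED = (
    "Feb 17 14:24:46 www drupal[3981]: https://www.clubenaval.org.br/novo|"
    "1581949486|user|177.124.244.10|"
    "https://www.clubenaval.org.br/novo/?q=area_socio_entrada&destination=node/365|"
    "https://www.clubenaval.org.br/novo/?q=area_socio_entrada|15||"
    "Session opened for chmviola"
)

# Assumption: simplified stand-in for fail2ban's <HOST> tag (IPv4 address or
# DNS-style name). The real expansion also handles IPv6 and optional brackets.
HOST = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3}|[\w\-.^_]*\w)"

# Pattern from the reply in this thread.
BRACKETED = r"drupal([^|]*){3}\[<HOST>\].*Login attempt failed.*$"
# Hypothetical alternative: skip the syslog tag and three pipe-terminated
# fields, then read the host from the fourth field.
FIELD_ANCHORED = (
    r"drupal\[\d+\]: (?:[^|]*\|){3}<HOST>\|.*\|Login attempt failed for "
)


def captured_host(failregex, line):
    """Return what the <HOST> group captures on line, or None if no match."""
    match = re.search(failregex.replace("<HOST>", HOST), line)
    return match.group("host") if match else None


if __name__ == "__main__":
    for name, rx in (("bracketed", BRACKETED), ("field-anchored", FIELD_ANCHORED)):
        for label, line in (("failed login", FAILED), ("session opened", OPENED)):
            print(f"{name:15} {label:15} -> {captured_host(rx, line)}")
```

Running `fail2ban-regex` with `-v` lists the host and timestamp recorded for each hit, which gives the same view against the real `<HOST>` expansion.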