Hello! A few days ago my home router got banned by my web server for repeated offenses that are not to be found in the (server) logs. A few examples:
2021-08-30 14:21:02,441 fail2ban.filter [27785]: INFO [apache-badbots] Found 2a00:6020:1000:3:b089:2d06:a379:432f - 2021-08-30 08:54:08 fail2ban.log:2259:2021-08-30 14:21:02,441 fail2ban.filter [27785]: INFO [apache-badbots] Found 2a00:6020:1000:3:b089:2d06:a379:432f - 2021-08-30 08:54:08 fail2ban.log:2260:2021-08-30 14:21:02,442 fail2ban.filter [27785]: INFO [apache-badbots] Found 2a00:6020:1000:3:b089:2d06:a379:432f - 2021-08-30 08:54:20 fail2ban.log:2261:2021-08-30 14:21:02,442 fail2ban.filter [27785]: INFO [apache-badbots] Found 2a00:6020:1000:3:b089:2d06:a379:432f - 2021-08-30 08:54:20 fail2ban.log:2262:2021-08-30 14:21:02,443 fail2ban.filter [27785]: INFO [apache-badbots] Found 2a00:6020:1000:3:b089:2d06:a379:432f - 2021-08-30 08:57:05 This continues for ~1 second with up to 3 hits per millisecond, about 80 lines altogether. Obviously some misbehaviour from the client side, no problem for this list in the first place. Possibly an issue with nextcloud from my home network. The trouble is that there is not a single line in the apache logs which represent the offense. For about 90 minutes the server instance in question didn't log a single packet from anybody. System load was low, to me it looks as if fail2ban made those hits up. Is that possible? f2b inventing matches? I'm a bit lost for tracking this down. Any help is greatly appreciated. This is not about matching rules, i narrowed down that part. But f2b banned ME without visible reason. Any thougts? Cheers, tim _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
