On 02/09/2021 07:19, Tim Boneko via Fail2ban-users wrote:
> Hello!
> A few days ago my home router got banned by my web server for
> repeated offenses that are not to be found in the (server) logs.
> A few examples:
> 2021-08-30 14:21:02,441 fail2ban.filter [27785]: INFO
> [apache-badbots] Found 2a00:6020:1000:3:b089:2d06:a379:432f -
> 2021-08-30 08:54:08
> fail2ban.log:2259:2021-08-30 14:21:02,441 fail2ban.filter
> [27785]: INFO [apache-badbots] Found
> 2a00:6020:1000:3:b089:2d06:a379:432f - 2021-08-30 08:54:08
> fail2ban.log:2260:2021-08-30 14:21:02,442 fail2ban.filter
> [27785]: INFO [apache-badbots] Found
> 2a00:6020:1000:3:b089:2d06:a379:432f - 2021-08-30 08:54:20
> fail2ban.log:2261:2021-08-30 14:21:02,442 fail2ban.filter
> [27785]: INFO [apache-badbots] Found
> 2a00:6020:1000:3:b089:2d06:a379:432f - 2021-08-30 08:54:20
> fail2ban.log:2262:2021-08-30 14:21:02,443 fail2ban.filter
> [27785]: INFO [apache-badbots] Found
> 2a00:6020:1000:3:b089:2d06:a379:432f - 2021-08-30 08:57:05
> This continues for ~1 second with up to 3 hits per millisecond,
> about 80 lines altogether. Obviously some misbehaviour from the
> client side, no problem for this list in the first place.
> Possibly an issue with nextcloud from my home network.
> The trouble is that there is not a single line in the apache
> logs which represents the offense. For about 90 minutes the
> server instance in question didn't log a single packet from
> anybody. System load was low, to me it looks as if fail2ban made
> those hits up. Is that possible? f2b inventing matches?
> I'm a bit lost for tracking this down. Any help is greatly
> appreciated. This is not about matching rules, I narrowed down
> that part. But f2b banned ME without visible reason. Any
> thoughts?
> Cheers,
> tim

All those are Found and not Ban. Check for Ban.
You can try running the command fail2ban-regex against the
apache-badbots filter and the relevant logs and use the
--print-all-matched switch.
Nick
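
Added example, not part of the original thread: a small Python helper that separates Found from Ban entries in fail2ban.log and reports how far the matched line's timestamp lags behind the time fail2ban logged it (hours, in the excerpt above). The sample lines are constructed, with a documentation address; the Ban line's layout (fail2ban.actions, NOTICE) and the name summarize are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, unwrapped. Found lines follow the layout quoted in the
# thread; the Ban line is an assumed fail2ban.actions entry.
SAMPLE = """\
2021-08-30 14:21:02,441 fail2ban.filter [27785]: INFO [apache-badbots] Found 2001:db8::1 - 2021-08-30 08:54:08
fail2ban.log:2260:2021-08-30 14:21:02,442 fail2ban.filter [27785]: INFO [apache-badbots] Found 2001:db8::1 - 2021-08-30 08:54:20
fail2ban.log:2262:2021-08-30 14:21:02,443 fail2ban.filter [27785]: INFO [apache-badbots] Found 2001:db8::1 - 2021-08-30 08:57:05
2021-08-30 14:21:03,101 fail2ban.actions [27785]: NOTICE [apache-badbots] Ban 2001:db8::1
"""

TS = r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d"
LINE = re.compile(
    rf"(?P<logged>{TS}),\d+\s+fail2ban\.\w+\s+\[\d+\]:\s+\w+\s+"
    rf"\[(?P<jail>[^\]]+)\]\s+(?P<event>Found|Ban)\s+(?P<ip>\S+)"
    rf"(?:\s+-\s+(?P<matched>{TS}))?"
)
FMT = "%Y-%m-%d %H:%M:%S"

def summarize(text):
    """Per (jail, ip): Found count, Ban count, largest Found lag in seconds."""
    stats = defaultdict(lambda: {"found": 0, "ban": 0, "max_lag_s": 0})
    for line in text.splitlines():
        m = LINE.search(line)  # search() tolerates grep's "file:lineno:" prefix
        if not m:
            continue
        entry = stats[(m["jail"], m["ip"])]
        if m["event"] == "Ban":
            entry["ban"] += 1
            continue
        entry["found"] += 1
        if m["matched"]:
            # Lag = time fail2ban wrote the entry minus the matched line's own time.
            lag = datetime.strptime(m["logged"], FMT) - datetime.strptime(m["matched"], FMT)
            entry["max_lag_s"] = max(entry["max_lag_s"], int(lag.total_seconds()))
    return dict(stats)

if __name__ == "__main__":
    for (jail, ip), s in summarize(SAMPLE).items():
        print(f"{jail} {ip}: found={s['found']} ban={s['ban']} max_lag={s['max_lag_s']}s")
```

To use it on real data, pass the contents of fail2ban.log (or saved grep output) to summarize() in place of SAMPLE.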