• Hello there!

    I’m running into an issue after changing my findtime for both wordpress jails.
    Everything was working correctly before, but now, here is what happens:

    – there is a max of 20 attempts in 1 day
    – user tries to log in and fails
    – log is correctly appended to auth.log
    Sep 22 15:13:19 server wordpress(www.domain.com)[27076]: Authentication attempt for unknown user sdfsf from IP
    – Total fail increases to 19 after 19 tries
    – Currently fail increases to 1 after the 19th try
    – IP is not added to iptables, and the fail2ban log doesn’t log any ban action
    – IP cannot access the site, but gets a 503 code, instead of “no response at all” like before

    Do you have any idea?

    Config:

    [wordpress-soft]
    port = http,https
    enabled = true
    filter = wordpress-soft
    logpath = /var/log/auth.log
    maxretry = 20
    findtime = 86400
    bantime = 604800

    [wordpress-hard]
    port = http,https
    enabled = true
    filter = wordpress-hard
    logpath = /var/log/auth.log
    maxretry = 20
    findtime = 86400
    bantime = 604800

    On fail2ban reboot, nothing strange in logs:
    2018-09-22 15:22:22,160 fail2ban.server [29954]: INFO Stopping all jails
    2018-09-22 15:22:22,587 fail2ban.jail [29954]: INFO Jail ‘wordpress-soft’ stopped
    2018-09-22 15:22:23,586 fail2ban.jail [29954]: INFO Jail ‘wordpress-hard’ stopped
    2018-09-22 15:22:24,591 fail2ban.jail [29954]: INFO Jail ‘sshd-ddos’ stopped
    2018-09-22 15:22:25,663 fail2ban.jail [29954]: INFO Jail ‘sshd’ stopped
    2018-09-22 15:22:26,765 fail2ban.jail [29954]: INFO Jail ‘http-get-dos’ stopped
    2018-09-22 15:22:26,766 fail2ban.server [29954]: INFO Exiting Fail2ban
    2018-09-22 15:22:27,136 fail2ban.server [30369]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
    2018-09-22 15:22:27,137 fail2ban.database [30369]: INFO Connected to fail2ban persistent database ‘/var/lib/fail2ban/fail2ban.sqlite3’
    2018-09-22 15:22:27,140 fail2ban.jail [30369]: INFO Creating new jail ‘sshd’
    2018-09-22 15:22:27,145 fail2ban.jail [30369]: INFO Jail ‘sshd’ uses poller {}
    2018-09-22 15:22:27,164 fail2ban.jail [30369]: INFO Initiated ‘polling’ backend
    2018-09-22 15:22:27,165 fail2ban.filter [30369]: INFO Set jail log file encoding to UTF-8
    2018-09-22 15:22:27,166 fail2ban.actions [30369]: INFO Set banTime = 2629743
    2018-09-22 15:22:27,175 fail2ban.filter [30369]: INFO Added logfile = /var/log/auth.log
    2018-09-22 15:22:27,175 fail2ban.filter [30369]: INFO Set maxRetry = 6
    2018-09-22 15:22:27,176 fail2ban.filter [30369]: INFO Set findtime = 86400
    2018-09-22 15:22:27,177 fail2ban.filter [30369]: INFO Set maxlines = 10
    2018-09-22 15:22:27,254 fail2ban.server [30369]: INFO Jail sshd is not a JournalFilter instance
    2018-09-22 15:22:27,259 fail2ban.jail [30369]: INFO Creating new jail ‘sshd-ddos’
    2018-09-22 15:22:27,261 fail2ban.jail [30369]: INFO Jail ‘sshd-ddos’ uses poller {}
    2018-09-22 15:22:27,262 fail2ban.jail [30369]: INFO Initiated ‘polling’ backend
    2018-09-22 15:22:27,263 fail2ban.filter [30369]: INFO Set jail log file encoding to UTF-8
    2018-09-22 15:22:27,263 fail2ban.actions [30369]: INFO Set banTime = 864000
    2018-09-22 15:22:27,264 fail2ban.filter [30369]: INFO Added logfile = /var/log/auth.log
    2018-09-22 15:22:27,265 fail2ban.filter [30369]: INFO Set maxRetry = 10
    2018-09-22 15:22:27,265 fail2ban.filter [30369]: INFO Set findtime = 120
    2018-09-22 15:22:27,267 fail2ban.server [30369]: INFO Jail sshd-ddos is not a JournalFilter instance
    2018-09-22 15:22:27,272 fail2ban.jail [30369]: INFO Creating new jail ‘http-get-dos’
    2018-09-22 15:22:27,273 fail2ban.jail [30369]: INFO Jail ‘http-get-dos’ uses poller {}
    2018-09-22 15:22:27,274 fail2ban.jail [30369]: INFO Initiated ‘polling’ backend
    2018-09-22 15:22:27,275 fail2ban.filter [30369]: INFO Set jail log file encoding to UTF-8
    2018-09-22 15:22:27,276 fail2ban.actions [30369]: INFO Set banTime = 864000
    2018-09-22 15:22:27,276 fail2ban.filter [30369]: INFO Added logfile = /var/log/fail2ban-http-get-dos.log
    2018-09-22 15:22:27,277 fail2ban.filter [30369]: INFO Set maxRetry = 360
    2018-09-22 15:22:27,277 fail2ban.filter [30369]: INFO Set findtime = 120
    2018-09-22 15:22:27,282 fail2ban.jail [30369]: INFO Creating new jail ‘wordpress-soft’
    2018-09-22 15:22:27,283 fail2ban.jail [30369]: INFO Jail ‘wordpress-soft’ uses poller {}
    2018-09-22 15:22:27,284 fail2ban.jail [30369]: INFO Initiated ‘polling’ backend
    2018-09-22 15:22:27,285 fail2ban.filter [30369]: INFO Set jail log file encoding to UTF-8
    2018-09-22 15:22:27,286 fail2ban.actions [30369]: INFO Set banTime = 604800
    2018-09-22 15:22:27,287 fail2ban.filter [30369]: INFO Added logfile = /var/log/auth.log
    2018-09-22 15:22:27,287 fail2ban.filter [30369]: INFO Set maxRetry = 20
    2018-09-22 15:22:27,288 fail2ban.filter [30369]: INFO Set findtime = 86400
    2018-09-22 15:22:27,298 fail2ban.jail [30369]: INFO Creating new jail ‘wordpress-hard’
    2018-09-22 15:22:27,299 fail2ban.jail [30369]: INFO Jail ‘wordpress-hard’ uses poller {}
    2018-09-22 15:22:27,300 fail2ban.jail [30369]: INFO Initiated ‘polling’ backend
    2018-09-22 15:22:27,301 fail2ban.filter [30369]: INFO Set jail log file encoding to UTF-8
    2018-09-22 15:22:27,302 fail2ban.actions [30369]: INFO Set banTime = 604800
    2018-09-22 15:22:27,303 fail2ban.filter [30369]: INFO Added logfile = /var/log/auth.log
    2018-09-22 15:22:27,303 fail2ban.filter [30369]: INFO Set maxRetry = 20
    2018-09-22 15:22:27,303 fail2ban.filter [30369]: INFO Set findtime = 86400
    2018-09-22 15:22:27,332 fail2ban.jail [30369]: INFO Jail ‘sshd’ started
    2018-09-22 15:22:27,335 fail2ban.jail [30369]: INFO Jail ‘sshd-ddos’ started
    2018-09-22 15:22:27,342 fail2ban.jail [30369]: INFO Jail ‘http-get-dos’ started
    2018-09-22 15:22:27,344 fail2ban.jail [30369]: INFO Jail ‘wordpress-soft’ started
    2018-09-22 15:22:27,347 fail2ban.jail [30369]: INFO Jail ‘wordpress-hard’ started

    thanks a lot

    • This topic was modified 6 years, 2 months ago by mtxz.
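
An added example, not part of the original post: a small Python check that reads fail2ban's startup lines and compares each jail's effective maxRetry/findtime/banTime with the values in the jail config. The log lines and configured values are copied from the post; the function names are hypothetical, and it assumes each jail's "Set ..." lines follow its "Creating new jail" line, as they do in the posted log.

```python
import re

# Startup lines copied from the log in the post (curly quotes are the forum's rendering).
LOG = """\
2018-09-22 15:22:27,272 fail2ban.jail [30369]: INFO Creating new jail ‘http-get-dos’
2018-09-22 15:22:27,276 fail2ban.actions [30369]: INFO Set banTime = 864000
2018-09-22 15:22:27,277 fail2ban.filter [30369]: INFO Set maxRetry = 360
2018-09-22 15:22:27,277 fail2ban.filter [30369]: INFO Set findtime = 120
2018-09-22 15:22:27,282 fail2ban.jail [30369]: INFO Creating new jail ‘wordpress-soft’
2018-09-22 15:22:27,286 fail2ban.actions [30369]: INFO Set banTime = 604800
2018-09-22 15:22:27,287 fail2ban.filter [30369]: INFO Added logfile = /var/log/auth.log
2018-09-22 15:22:27,287 fail2ban.filter [30369]: INFO Set maxRetry = 20
2018-09-22 15:22:27,288 fail2ban.filter [30369]: INFO Set findtime = 86400
"""

# Values from the [wordpress-soft] section in the post.
CONFIGURED = {"wordpress-soft": {"maxretry": 20, "findtime": 86400, "bantime": 604800}}

# Accept both straight quotes (real log) and curly quotes (forum rendering).
NEW_JAIL = re.compile(r"Creating new jail ['‘](?P<jail>[^'’]+)['’]")
SETTING = re.compile(r"INFO Set (?P<key>\w+) = (?P<val>\d+)\s*$")

def effective_settings(log_text):
    """Map jail name -> {setting: int} from 'Set X = N' lines after each 'Creating new jail'."""
    jails, current = {}, None
    for line in log_text.splitlines():
        m = NEW_JAIL.search(line)
        if m:
            current = jails.setdefault(m.group("jail"), {})
            continue
        m = SETTING.search(line)
        if m and current is not None:
            current[m.group("key").lower()] = int(m.group("val"))
    return jails

def mismatches(configured, effective):
    """Return (jail, key, configured, effective) for every value that differs or is missing."""
    out = []
    for jail, wanted in configured.items():
        got = effective.get(jail, {})
        for key, val in wanted.items():
            if got.get(key) != val:
                out.append((jail, key, val, got.get(key)))
    return out

if __name__ == "__main__":
    eff = effective_settings(LOG)
    for jail, settings in eff.items():
        print(jail, settings)
    print("mismatches:", mismatches(CONFIGURED, eff))
```

An empty mismatch list means the running jail picked up the configured thresholds, so the configuration file itself is not where the two disagree.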
  • The topic ‘fail2ban see fails, don’t IPtable ban, return 503’ is closed to new replies.