268 questions
-2 votes, 0 answers, 33 views
How to catch suspicious requests using Fail2Ban ubuntu nginx [closed]
I have a WordPress application hosted on a DigitalOcean droplet. I have noticed in my access logs that I am getting lots of requests from various IPs that appear to be crawling my website and trying ...
1 vote, 1 answer, 508 views
Failed during configuration: Have not found any log file for sshd jail [closed]
After installation, I copied the jail.conf file as jail.local. I didn't rewrite anything, I didn't say anything in the file, I'm trying to start with the default values.
I followed this description ...
0 votes, 1 answer, 41 views
Which format is the result of 'fail2ban-client banned' command and how I can fully load the result in PHP (as array)
This is the format of the data returned by command fail2ban-client banned:
[{'sshd': []}, {'nginx-http-auth': []}, {'nginx-botsearch': []}, {'recidive': []}, {'wo-wordpress': []}, {'nginx-forbidden': [...
0 votes, 2 answers, 149 views
ModSecurity + Fail2Ban ban client IP sending post to Servlet
I am using:
Ubuntu 24.04
Plesk Obsidian 18.0.62
Apache/2.4.59
Tomcat/10.1.16
tomcat-connectors-1.2.49
libapache2-mod-jk
ModSecurity
Fail2ban
Free ModSecurity Rules from Comodo
And I have a servlet ...
0 votes, 0 answers, 52 views
How to create a Fail2Ban filter?
I'm trying to create a Fail2Ban filter that catches all response codes except 200 or 412 across all destination paths. Here is a sample of my log format:
INFO [2024-06-13 10:23:58] 172.20.101.132 &...
0 votes, 1 answer, 113 views
Regex config fail2ban for multiline modsecurity
I'm trying to improve fail2ban configuration for modsecurity in nginx so that regex-expression covers the whole block, is without maxline and finally gives more accurate triggering. Made a regex and ...
0 votes, 0 answers, 55 views
How to create a fail2ban filter to protect a FastAPI implementation?
I'm working on a FastAPI project but I want to implement a fail2ban filter that blocks all abusive intents on my API.
So far I have created a log file that stores all API requests in an access.log file
...
0 votes, 1 answer, 89 views
fail2ban refuses to work on Raspberrypi Zero 2 W [closed]
I have a RaspberryPi Zero 2 W. I installed fail2ban using the command sudo apt install fail2ban -y. I have been referring to the following resources: PiMyLifeUp, HowtoGeek as well as LinuxSize.
No ...
0 votes, 1 answer, 118 views
Fail2Ban jail.local (conf)
I'm trying to get to grips with Fail2Ban jail conf.
A lot of the logpaths have what look like variables
i.e. logpath = %(apache_error_log)s
I don't see these defined anywhere. Are they externally ...
1 vote, 1 answer, 192 views
Configuring a filter for Fail2ban and Bookstack
I cannot successfully configure a fail2ban filter for working with Bookstack.
I tried 3 different regex checkers, they're all catching the log lines, but when I try with the fail2ban-regex tool, it doesn't hit ...
-1 votes, 1 answer, 96 views
fail2ban regular expression for asterisk 19
I have an asterisk server that is attacked. There is a fail2ban jail for the asterisk logs but the configuration does not pick up this situation:
[2023-07-27 11:25:57] NOTICE[152571] res_pjsip/...
0 votes, 1 answer, 111 views
Regex - Match only if substring exists
I'm struggling with a Regex for usage in Fail2Ban.
This is a line of logs I need to crawl:
Jul 14 13:30:44 servername kernel: [ 803.539059] [UFW BLOCK] IN=eth0 OUT= MAC=somemacadress SRC=somesourceip ...
0 votes, 1 answer, 150 views
fail2ban repeatedly banning authorized user [closed]
I wonder what help you can provide me with,
I am repeatedly banned by fail2ban when I use the fork software on my Windows computer to git pull and push to a git repo that is hosted on a Hetzner cloud.
...
1 vote, 1 answer, 1k views
How can I stop Fail2ban from banning my external IP when attempting to access my Plex server?
I have a fairly simple setup using fail2ban with NGINX Proxy Manager. In this setup, I have Plex exposed to the outside and routed internally using my reverse proxy, and that works fine without ...
0 votes, 2 answers, 92 views
regex for repeating patterns
I have a dovecot logfile which contains entries like this:
Jun 1 04:16:24 mail dovecot: auth-worker(3158): sql(ryan,193.42.32.170): unknown user (given password: ryan)
I want to create a fail2ban ...