How To Configure Fail2ban to ban bots for longer period of time
- Posts: 1
- Joined: Wed Jun 20, 2018 10:42 am
- Os: Ubuntu 15x
- Web: apache + nginx
Hi,
I was analysing my fail2ban logs and exim4 logs and found that there are multiple failed logins into SSH and mail. fail2ban bans an IP after 5 max tries for 10 mins, but the bots continue the attack after the unban.
1) How to change the default ban time from 10 mins to something else?
2) How to ban IPs that were banned more than 5 times in the last 24 hours for a longer duration like a week/month?
3) How to block dynamic IPs based on a common hostname (chickenkiller.com) attacking mail?
4) Is CSF what I am looking for? viewtopic.php?f=20&t=10209
Thank You
Re: How To Configure Fail2ban to ban bots for longer period of time
Hi;
Generally speaking, fail2ban has a filter for that; its name is recidive.
fail2ban recommends customizing fail2ban by adding your changes inside a .local file; VestaCP follows this rule.
So if you add this to the file /etc/fail2ban/jail.local:
Code:
[recidive]
enabled = true
maxretry = 5
bantime = 3600
findtime = 3600
fail2ban will look inside /var/log/fail2ban.log for banned IPs,
and when one of these appears more than 5 times (maxretry) in a period of 3600s (findtime), it will ban it for 3600s (bantime).
Note 1: any option not defined in /etc/fail2ban/jail.local will use the parameters defined in /etc/fail2ban/jail.conf, which you can look at for inspiration.
Note 2: the findtime and the bantime must be longer than any other bantime and findtime to be efficient.
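How the counting described in this reply plays out on a log, as an added example (not part of the original post and not fail2ban's own code): the sketch scans fail2ban.log-style lines for Ban notices and reports when an IP reaches maxretry bans inside findtime. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# "Ban" notices from any jail except recidive itself, so the jail's own bans
# are not counted again. Log layout is an assumption based on fail2ban 0.9+.
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ fail2ban\.actions\s+"
    r"\[\d+\]: NOTICE\s+\[(?!recidive\])(?P<jail>[^\]]+)\] Ban (?P<ip>\S+)\s*$"
)

def repeat_offenders(lines, maxretry, findtime):
    """Map each IP to the time it first reached maxretry bans within findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> ban timestamps still inside the window
    hits = {}
    for line in lines:
        m = BAN_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # forget bans older than findtime
            q.popleft()
        # fail2ban acts once the count reaches maxretry
        if len(q) >= maxretry and m["ip"] not in hits:
            hits[m["ip"]] = ts
    return hits

def sample_log():
    """Constructed log: 203.0.113.5 is re-banned by [sshd] every 20 minutes
    (10-minute ban, then 10 minutes of retries); 198.51.100.7 is banned once."""
    start = datetime(2018, 6, 20, 10, 0, 0)
    fmt = "{:%Y-%m-%d %H:%M:%S},000 fail2ban.actions        [812]: NOTICE  [{}] {} {}"
    lines = []
    for i in range(8):
        t = start + timedelta(minutes=20 * i)
        lines.append(fmt.format(t, "sshd", "Ban", "203.0.113.5"))
        lines.append(fmt.format(t + timedelta(minutes=10), "sshd", "Unban", "203.0.113.5"))
    lines.append(fmt.format(start + timedelta(minutes=3), "exim", "Ban", "198.51.100.7"))
    lines.append(fmt.format(start + timedelta(hours=2), "recidive", "Ban", "203.0.113.5"))
    return sorted(lines)

if __name__ == "__main__":
    for findtime in (3600, 86400):
        print(findtime, repeat_offenders(sample_log(), maxretry=5, findtime=findtime))
```

On this constructed log, an IP that is re-banned every 20 minutes never collects 5 bans inside a 3600 s window, but it is caught on its fifth ban when findtime is 86400.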