
Fail2Ban help

Posted: Thu Feb 18, 2016 2:18 pm
by pandabb
Hello guys, can you check my fail2ban log and exim log? Why is it not banning the IP 185.xxx.x.xxx? As seen in my exim log, this IP is trying to log in with different aliases to my hostname.

What could be the problem?



Fail2Ban


2016-02-18 21:41:34,931 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-18 21:41:36,091 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-18 21:50:10,338 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-18 21:56:40,390 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-18 21:59:39,911 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.160
2016-02-18 22:01:41,391 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-18 22:01:42,475 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-18 22:02:50,005 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 193.189.117.148
2016-02-18 22:08:09,744 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-18 22:08:11,914 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-18 22:11:40,452 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102

Exim Log


2016-02-18 21:41:34 dovecot_login authenticator failed for (User) [185.130.5.100]: 535 Incorrect authentication data ([email protected])
2016-02-18 21:41:35 dovecot_login authenticator failed for (User) [185.130.5.101]: 535 Incorrect authentication data ([email protected])
2016-02-18 21:50:08 no host name found for IP address 185.130.5.102
2016-02-18 21:50:10 dovecot_login authenticator failed for (User) [185.130.5.102]: 535 Incorrect authentication data ([email protected])
2016-02-18 21:56:37 no host name found for IP address 185.130.5.102
2016-02-18 21:56:40 dovecot_login authenticator failed for (User) [185.130.5.102]: 535 Incorrect authentication data ([email protected])
2016-02-18 21:59:37 no host name found for IP address 185.130.5.160
2016-02-18 21:59:39 dovecot_login authenticator failed for (User) [185.130.5.160]: 535 Incorrect authentication data (set_id=club)
2016-02-18 22:01:38 no host name found for IP address 185.130.5.100
2016-02-18 22:01:39 no host name found for IP address 185.130.5.101
2016-02-18 22:01:41 dovecot_login authenticator failed for (User) [185.130.5.100]: 535 Incorrect authentication data ([email protected])
2016-02-18 22:01:42 dovecot_login authenticator failed for (User) [185.130.5.101]: 535 Incorrect authentication data ([email protected])
2016-02-18 22:02:47 no host name found for IP address 193.189.117.148
2016-02-18 22:02:49 dovecot_login authenticator failed for (192.99.255.132) [193.189.117.148]: 535 Incorrect authentication data (set_id=administracion)
2016-02-18 22:08:07 no host name found for IP address 185.130.5.100
2016-02-18 22:08:08 no host name found for IP address 185.130.5.101
2016-02-18 22:08:09 dovecot_login authenticator failed for (User) [185.130.5.100]: 535 Incorrect authentication data ([email protected])
2016-02-18 22:08:11 dovecot_login authenticator failed for (User) [185.130.5.101]: 535 Incorrect authentication data ([email protected])

Re: Fail2Ban help

Posted: Thu Feb 18, 2016 11:31 pm
by pandabb
More and more, but no ban:


2016-02-19 03:35:24,780 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 03:41:56,232 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 03:47:52,778 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 03:47:54,987 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 03:54:18,668 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 03:54:20,752 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 03:57:01,174 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 04:03:30,950 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 04:12:57,395 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.160
2016-02-19 04:14:20,852 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 04:14:22,949 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 04:18:35,504 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 04:20:46,966 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 04:20:49,052 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 04:25:05,966 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 04:39:37,508 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.160
2016-02-19 04:40:08,341 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 04:40:56,791 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 04:40:58,918 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 04:46:39,723 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 04:47:25,989 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 04:47:28,198 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 05:01:42,448 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 05:06:17,013 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.160
2016-02-19 05:07:37,411 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 05:07:39,479 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 05:08:12,764 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 05:14:06,690 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 05:14:08,881 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 05:23:15,973 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 05:29:45,785 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 05:32:47,272 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.160
2016-02-19 05:34:20,686 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 05:34:22,854 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 05:40:49,734 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 05:40:50,843 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 05:44:48,375 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 05:51:18,155 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 05:59:25,971 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.160
2016-02-19 06:01:04,431 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 06:01:06,522 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 06:06:23,088 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 06:07:31,703 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 06:07:32,793 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 06:12:50,527 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 06:26:04,776 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.160
2016-02-19 06:27:39,173 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 06:27:41,265 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 06:27:56,585 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 06:34:04,379 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 06:34:05,604 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 06:34:26,291 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 06:49:32,865 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 06:52:42,333 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.160
2016-02-19 06:54:07,615 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 06:54:09,700 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 06:56:03,214 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 07:00:37,788 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 07:00:39,931 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 07:11:07,960 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 07:17:36,619 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.102
2016-02-19 07:19:20,048 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.160
2016-02-19 07:20:47,005 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 07:20:48,221 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101
2016-02-19 07:27:15,042 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.100
2016-02-19 07:27:17,172 fail2ban.filter         [26654]: INFO    [exim-iptables] Found 185.130.5.101

Re: Fail2Ban help

Posted: Fri Feb 19, 2016 1:13 pm
by cyber01
pandabb wrote: more and more but no ban:
Try to reduce findtime for the exim-iptables section (or exim) in the fail2ban configuration.

Re: Fail2Ban help

Posted: Sat Feb 20, 2016 4:28 am
by pandabb
It doesn't work, sir. I even tried max retry 5, though I know the default is already 5, lol.

It looks like it's not applying the filter.

Re: Fail2Ban help

Posted: Sat Feb 20, 2016 12:46 pm
by cyber01
pandabb wrote: It doesnt work sir i even tried max retry 5 tho i know the default is already 5 lol.
It looks like its not applying the filter.
Not maxretry, findtime.

Re: Fail2Ban help

Posted: Tue Feb 23, 2016 3:56 am
by pandabb
Hello, it's set to findtime = 600 .. what do you suggest?

Re: Fail2Ban help

Posted: Wed Feb 24, 2016 3:37 pm
by pandabb
more of this:

2016-02-24 22:43:15 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=recepcion)
2016-02-24 22:47:46 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=sales)
2016-02-24 22:52:26 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=soporte)
2016-02-24 22:56:58 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=spam)
2016-02-24 22:58:34 dovecot_login authenticator failed for (User) [185.130.5.160]: 535 Incorrect authentication data (set_id=godzila)
2016-02-24 23:01:36 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=temp)
2016-02-24 23:06:11 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=noreply)
2016-02-24 23:10:39 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=purchasing)
2016-02-24 23:15:13 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=warehouse)
2016-02-24 23:19:50 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=internet)
2016-02-24 23:24:26 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=testuser)

Re: Fail2Ban help

Posted: Wed Feb 24, 2016 6:01 pm
by cyber01
About exim: for each IP address, the attempts were more than findtime (either during findtime happened the required number of login attempts). Therefore, the IP addresses and data are not blocked. Try to reduce maxretry, e.g. to 2 or 3, and findtime 300.
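
A simplified model of the findtime/maxretry counting discussed in this thread, as an added example (not from the posters and not fail2ban's own code): it counts failed logins per IP inside a trailing findtime-second window, using Exim lines quoted from the 24 Feb post. Real fail2ban versions differ in how they age out old failures, and the function names are this example's own.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Sample input: Exim lines quoted from the 24 Feb post in this thread.
SAMPLE_LOG = """\
2016-02-24 22:43:15 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=recepcion)
2016-02-24 22:47:46 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=sales)
2016-02-24 22:52:26 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=soporte)
2016-02-24 22:56:58 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=spam)
2016-02-24 22:58:34 dovecot_login authenticator failed for (User) [185.130.5.160]: 535 Incorrect authentication data (set_id=godzila)
2016-02-24 23:01:36 dovecot_login authenticator failed for (192.99.255.132) [185.125.4.192]: 535 Incorrect authentication data (set_id=temp)
"""

# The peer IP is the bracketed address directly before ": 535".
FAIL_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ authenticator failed for "
    r".*?\[(\d{1,3}(?:\.\d{1,3}){3})\]: 535 ")

def parse_failures(log_text):
    """Return {ip: [seconds since epoch of each failed login]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            hits[m.group(2)].append((ts - datetime(1970, 1, 1)).total_seconds())
    return hits

def max_in_window(times, findtime):
    """Largest number of failures inside any findtime-second window."""
    window, best = deque(), 0
    for t in sorted(times):
        window.append(t)
        while t - window[0] > findtime:
            window.popleft()
        best = max(best, len(window))
    return best

def would_ban(log_text, findtime, maxretry):
    """IPs reaching maxretry failures within findtime (simplified model)."""
    return sorted(ip for ip, ts in parse_failures(log_text).items()
                  if max_in_window(ts, findtime) >= maxretry)

if __name__ == "__main__":
    for ft, mr in [(600, 5), (600, 3), (300, 3), (300, 2)]:
        print(f"findtime={ft} maxretry={mr} ->", would_ban(SAMPLE_LOG, ft, mr))
```

On these lines the slow guesser never produces more than 3 failures in any 600 seconds, so maxretry = 5 is never reached. In this model a lower maxretry catches it, while a lower findtime on its own makes a ban less likely.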

Re: Fail2Ban help

Posted: Sat Mar 05, 2016 3:24 pm
by pandabb
Thanks bro, it's working.

Re: Fail2Ban help

Posted: Sat Mar 05, 2016 4:42 pm
by cyber01
I am glad to help