Fail2ban sshd not working

g1antj4ck · February 14, 2017, 4:31pm

just tested if fail2ban works for sshd and it does not work here is the log:

2017-02-14 17:20:17,875 fail2ban.filter [9452]: INFO [sshd] Found 1.2.3.4
2017-02-14 17:20:19,884 fail2ban.filter [9452]: INFO [sshd] Found 1.2.3.4
2017-02-14 17:21:05,392 fail2ban.filter [9452]: INFO [sshd] Found 1.2.3.4
2017-02-14 17:21:06,999 fail2ban.filter [9452]: INFO [sshd] Found 1.2.3.4
2017-02-14 17:21:49,076 fail2ban.filter [9452]: INFO [sshd] Found 1.2.3.4
2017-02-14 17:21:49,930 fail2ban.actions [9452]: NOTICE [sshd] Ban 1.2.3.4
2017-02-14 17:21:51,391 fail2ban.filter [9452]: INFO [sshd] Found 1.2.3.4
2017-02-14 17:22:03,555 fail2ban.filter [9452]: INFO [sshd] Found 1.2.3.4
2017-02-14 17:22:05,459 fail2ban.filter [9452]: INFO [sshd] Found 1.2.3.4
2017-02-14 17:24:05,984 fail2ban.filter [9452]: INFO [sshd] Found 1.2.3.4
2017-02-14 17:24:07,637 fail2ban.filter [9452]: INFO [sshd] Found 1.2.3.4
2017-02-14 17:24:08,420 fail2ban.actions [9452]: NOTICE [sshd] 1.2.3.4 already banned
2017-02-14 17:24:13,421 fail2ban.filter [9452]: INFO [sshd] Found 1.2.3.4

and i can still login with that banned IP…
IP is changed for privacy

JMSolo · February 14, 2017, 4:43pm

We are not here for fail2ban support as I don’t personally use it. However, you can check this post at Server Fault for info.

g1antj4ck · February 14, 2017, 5:13pm

sorry did you read my post right?

i do not want to unban anything

i just want all to know that fail2ban is not working in this quickbox script… maybe some devs should know that what they did is not working because i did not change anything on the fail2ban settings

for me this is a huge bug… because you think the server is somehow save for bruteforce login but it is not

i hope that was more clear to understand

JMSolo · February 14, 2017, 5:22pm

Perhaps I should be more clear.

This is a free solution and I don’t have support anyone with outrageous attitudes or accusations.

Fail2ban is not used by QuickBox… CSF is (feel free to actually review things included within the README). Fail2ban is nothing more than a dependency in the lineup for those that understand how to use IPTables on their own and/or create their own rules. CSF is provided by QuickBox to encourage a GUI for easier use to those that want security and reliability without digging into IPTables directly.

Saying that Fail2ban does not work in QuickBox and some devs need to address this is both moot and 100% arrogant on your part. We don’t officially carry/support Fail2ban… thus if something with Fail2ban doesn’t work for… you’ll need to address this on your own.

You do realize that fail2ban comes default to standard ports… and even then you need to add the ports allowed manually… it’s not a Genie in a bottle.

Are you running a live E-commerce Production server, or a seedbox? You (again) need to look into the firewall that we have actually implemented to work with QuickBox… at the very least before you pass more accusations.

g1antj4ck · February 14, 2017, 5:43pm

sorry should not mean it as accusation
was meant as bug report

sorry again i was wrong, i thought fail2ban should work out of the box… my fail

RXWatcher · February 14, 2017, 5:51pm

I will bet if you do aiptables --list that you’ll see that its blocking 22 and not 4747.

You will need to edit the jail.conf for the proper port(s) to block. The above link will point the way.