Fail2ban activity - normal?

Hi All,

I have a new set up and have been receiving Fail2Ban emails stating IP’s have been blocked after multiple log in attempts. This is good as its working - BUT - it seems the email notifications I am receiving are increasing and instead of 10 attempts then a ban some are reaching 250+ attempts form an IP then being banned - it seems my set up is receiving a good bit of snooping :grimacing:

So as I am new on this I am keen to know if such probing is sort if normal and I just need to ensure all security is as good as it can be, or have I missed something and am I perhaps unknowingly putting my system out there as a fun option to poke at?

what ‘backend’ are you using to read the logs?

Hi, thank you for the support and taking the time to reply. I am currently only reading logs here:

https://mydomain/admin/config.php?display=logfiles

The bans seem to be slowing down now and they are mainly all from different IP’s. I guess I am getting 1x F2B alert email a day at present and it may slow even more and thus problem just naturally go away as net bots lose interest / mark destination as secure??