Hi,
The IP 45.143.220.131 has just been banned by Fail2Ban after
46 attempts against SIP on ast.
Regards,
Fail2Ban
My Fail2Ban settings are as follows:
After 2 failed attempts, I want to ban the IP for a month (this logic works for my setup). But this does not match up with the above email.
Why was the rogue IP not blocked after 2 attempts? How did it get to make 46 attempts?
Also, my "IP’s that are currently banned." list is not growing.
It depends on the backends available to fail2ban and the rate that the attempts are made at. You will get significant response improvement if you make pyinotify available on your system.
Also f2b versions >= .9 are also significantly more efficient.
@dicko My current FreePBX distro has fail2ban 0.8.14-76
Since I have a distro install, I will wait for the system to automatically upgrade fail2ban.
On another note, since yesterday, when I last made the config changes, I’m seeing fewer emails from fail2ban and I’m seeing a healthy growth in banned IPs listed on the Intrusion detection page.
I will continue to monitor and update this thread as I discover something new.
Well, the currently packaged version dates to Aug 19, 2014; 11 is the version currently being developed, but even so pyinotify will still help. If it is in the repos, then
yum install python-pyinotify
would likely speed your detection rate without upsetting ‘the distro’.
The fail2ban logs will show what backend is used on startup.
I’m happy to report that finally I am seeing a reduced number of fail2ban emails and, most importantly, max failed attempts has not crossed “2”. Previously it was common for me to get 5-300 failed attempts in the notification email.
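
Added example, not part of the thread and not fail2ban's own code: a simplified Python model of the point made above, that the failure count reported at ban time depends on the backend and on the rate of the attempts. The function names, the constant-rate attacker and the 1-second polling interval are assumptions of this model; `maxretry=2` is the setting described in the first post.

```python
import math
from fractions import Fraction


def failures_at_ban(rate_per_s, maxretry, check_interval_s, ban_latency_s=0):
    """Failed attempts on record at the moment the ban takes effect.

    Simplified model (an assumption, not fail2ban's own code): attempts arrive
    at a constant rate from t=0 and are logged instantly; the log watcher
    wakes every check_interval_s seconds. check_interval_s=0 stands for an
    event-driven backend such as pyinotify, notified on every write.
    """
    rate = Fraction(rate_per_s)
    interval = Fraction(check_interval_s)
    if rate <= 0 or maxretry < 1 or interval < 0:
        raise ValueError("rate and maxretry must be positive, interval >= 0")
    # Moment the maxretry-th failure lands in the log.
    t_threshold = Fraction(maxretry - 1) / rate
    if interval > 0:
        # A poller only notices at its next wake-up (k * interval, k >= 1).
        t_seen = max(1, math.ceil(t_threshold / interval)) * interval
    else:
        t_seen = t_threshold
    t_ban = t_seen + Fraction(ban_latency_s)
    # One attempt at t=0, then one every 1/rate seconds up to t_ban.
    return max(maxretry, math.floor(t_ban * rate) + 1)


def compare_backends(rate_per_s, maxretry=2, poll_interval_s=1):
    """Same attacker against a polling watcher and an event-driven one."""
    return {
        "polling": failures_at_ban(rate_per_s, maxretry, poll_interval_s),
        "event-driven": failures_at_ban(rate_per_s, maxretry, 0),
    }


if __name__ == "__main__":
    # Constructed rates (attempts per second), not measured from any real log.
    for rate in (Fraction(1, 10), 5, 20):
        print(f"{float(rate):>5} attempts/s -> {compare_backends(rate)}")
```

In this model a slow source is banned at exactly `maxretry` with either backend, while a fast source overshoots by roughly rate times check interval under polling.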