[Fail2ban-users] Trying to understand how fail2ban 'thinks'

Danny Horne Sat, 09 May 2015 10:06:06 -0700

Hi all,

My SSH jail is set to ban when in excess of three login attempts have
been made within ten minutes.  I've just seen the following in my logs,
so why was a ban not imposed?


2015-05-09 15:46:34,125 fail2ban.filter         [2976]: INFO    [sshd]
Found 84.20.80.46
2015-05-09 15:46:54,344 fail2ban.filter         [2976]: INFO    [sshd]
Found 84.20.80.46
2015-05-09 15:47:10,675 fail2ban.filter         [2976]: INFO    [sshd]
Found 84.20.80.46
2015-05-09 15:47:26,542 fail2ban.filter         [2976]: INFO    [sshd]
Found 84.20.80.46

This is from /var/log/secure

May  9 15:46:34 gallium sshd[4679]: reverse mapping checking getaddrinfo
for pppoe-84-20-80-46.net.pronet.com.al [84.20.80.46] failed - POSSIBLE
BREAK-IN ATTEMPT!
May  9 15:46:34 gallium sshd[4679]: Invalid user ubnt from 84.20.80.46
May  9 15:46:34 gallium sshd[4679]: input_userauth_request: invalid user
ubnt [preauth]
May  9 15:46:41 gallium sshd[4679]: Received disconnect from
84.20.80.46: 11:  [preauth]
May  9 15:46:54 gallium sshd[4681]: reverse mapping checking getaddrinfo
for pppoe-84-20-80-46.net.pronet.com.al [84.20.80.46] failed - POSSIBLE
BREAK-IN ATTEMPT!
May  9 15:46:54 gallium sshd[4681]: Invalid user admin from 84.20.80.46
May  9 15:46:54 gallium sshd[4681]: input_userauth_request: invalid user
admin [preauth]
May  9 15:46:57 gallium sshd[4681]: Received disconnect from
84.20.80.46: 11:  [preauth]
May  9 15:47:10 gallium sshd[4683]: reverse mapping checking getaddrinfo
for pppoe-84-20-80-46.net.pronet.com.al [84.20.80.46] failed - POSSIBLE
BREAK-IN ATTEMPT!
May  9 15:47:10 gallium sshd[4683]: Invalid user support from 84.20.80.46
May  9 15:47:10 gallium sshd[4683]: input_userauth_request: invalid user
support [preauth]
May  9 15:47:15 gallium sshd[4683]: Received disconnect from
84.20.80.46: 11:  [preauth]
May  9 15:47:26 gallium sshd[4685]: reverse mapping checking getaddrinfo
for pppoe-84-20-80-46.net.pronet.com.al [84.20.80.46] failed - POSSIBLE
BREAK-IN ATTEMPT!
May  9 15:47:26 gallium sshd[4685]: Invalid user admin from 84.20.80.46
May  9 15:47:26 gallium sshd[4685]: input_userauth_request: invalid user
admin [preauth]

signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y

_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

[Fail2ban-users] Trying to understand how fail2ban 'thinks'

Reply via email to