Hi, I have a CentOS 7 installation where an IP address that has been banned appears to be able to continue to attempt ssh connections. My sshd.local is:

[sshd]
enabled = true
bantime = 86400
findtime = 3600
maxretry = 3
protocol = all

Despite this, I am currently being continuously hit by 43.255.188.169 (log snippets follow). Any ideas what I have done wrong?

Thanks,
Ted

2015-06-14 11:33:46,545 fail2ban.filter [28524]: INFO [sshd] Found 43.255.188.169
2015-06-14 11:33:48,350 fail2ban.filter [28524]: INFO [sshd] Found 43.255.188.169
2015-06-14 11:33:50,421 fail2ban.filter [28524]: INFO [sshd] Found 43.255.188.169
2015-06-14 11:33:51,086 fail2ban.actions [28524]: NOTICE [sshd] 43.255.188.169 already banned
2015-06-14 11:33:53,104 fail2ban.filter [28524]: INFO [sshd] Found 43.255.188.169
2015-06-14 11:33:53,734 fail2ban.filter [28524]: INFO [sshd] Found 43.255.188.169
2015-06-14 11:33:55,499 fail2ban.filter [28524]: INFO [sshd] Found 43.255.188.169
2015-06-14 11:33:56,092 fail2ban.actions [28524]: NOTICE [sshd] 43.255.188.169 already banned
2015-06-14 11:33:57,530 fail2ban.filter [28524]: INFO [sshd] Found 43.255.188.169
2015-06-14 11:34:00,508 fail2ban.filter [28524]: INFO [sshd] Found 43.255.188.169
2015-06-14 11:34:01,130 fail2ban.filter [28524]: INFO [sshd] Found 43.255.188.169
2015-06-14 11:34:02,100 fail2ban.actions [28524]: NOTICE [sshd] 43.255.188.169 already banned

and

Jun 14 11:36:25 kahlo sshd[28890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.169 user=root
Jun 14 11:36:27 kahlo sshd[28890]: Failed password for invalid user root from 43.255.188.169 port 52618 ssh2
Jun 14 11:36:29 kahlo sshd[28890]: Failed password for invalid user root from 43.255.188.169 port 52618 ssh2
Jun 14 11:36:31 kahlo sshd[28890]: Failed password for invalid user root from 43.255.188.169 port 52618 ssh2
Jun 14 11:36:31 kahlo sshd[28890]: Received disconnect from 43.255.188.169: 11: [preauth]
Jun 14 11:36:31 kahlo sshd[28890]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.169 user=root
Jun 14 11:36:32 kahlo sshd[28892]: User root from 43.255.188.169 not allowed because not listed in AllowUsers
Jun 14 11:36:32 kahlo sshd[28892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.169 user=root
Jun 14 11:36:34 kahlo sshd[28892]: Failed password for invalid user root from 43.255.188.169 port 38784 ssh2
Jun 14 11:36:36 kahlo sshd[28892]: Failed password for invalid user root from 43.255.188.169 port 38784 ssh2
Jun 14 11:36:37 kahlo sshd[28892]: Failed password for invalid user root from 43.255.188.169 port 38784 ssh2
Jun 14 11:36:37 kahlo sshd[28892]: Received disconnect from 43.255.188.169: 11: [preauth]
Jun 14 11:36:37 kahlo sshd[28892]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.169 user=root
Jun 14 11:36:38 kahlo sshd[28894]: User root from 43.255.188.169 not allowed because not listed in AllowUsers
Jun 14 11:36:38 kahlo sshd[28894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.169 user=root
Jun 14 11:36:40 kahlo sshd[28894]: Failed password for invalid user root from 43.255.188.169 port 53258 ssh2
Jun 14 11:36:42 kahlo sshd[28894]: Failed password for invalid user root from 43.255.188.169 port 53258 ssh2
Jun 14 11:36:44 kahlo sshd[28894]: Failed password for invalid user root from 43.255.188.169 port 53258 ssh2
Jun 14 11:36:44 kahlo sshd[28894]: Received disconnect from 43.255.188.169: 11: [preauth]
Jun 14 11:36:44 kahlo sshd[28894]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.255.188.169 user=root

_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
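
Added example, not part of the original post and not fail2ban's own code: a small Python check over fail2ban.log that flags addresses which keep producing "Found" events while the jail already reports them as banned, the pattern visible in the first log excerpt above. The function name find_leaking_bans and the 203.0.113.7 sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# The 43.255.188.169 lines are the first eight from the post's fail2ban.log
# excerpt; the 203.0.113.7 lines are constructed to show a ban that holds.
SAMPLE_LOG = """\
2015-06-14 11:30:01,100 fail2ban.filter [28524]: INFO [sshd] Found 203.0.113.7
2015-06-14 11:30:03,200 fail2ban.filter [28524]: INFO [sshd] Found 203.0.113.7
2015-06-14 11:30:05,900 fail2ban.actions [28524]: NOTICE [sshd] Ban 203.0.113.7
2015-06-14 11:33:46,545 fail2ban.filter [28524]: INFO [sshd] Found 43.255.188.169
2015-06-14 11:33:48,350 fail2ban.filter [28524]: INFO [sshd] Found 43.255.188.169
2015-06-14 11:33:50,421 fail2ban.filter [28524]: INFO [sshd] Found 43.255.188.169
2015-06-14 11:33:51,086 fail2ban.actions [28524]: NOTICE [sshd] 43.255.188.169 already banned
2015-06-14 11:33:53,104 fail2ban.filter [28524]: INFO [sshd] Found 43.255.188.169
2015-06-14 11:33:53,734 fail2ban.filter [28524]: INFO [sshd] Found 43.255.188.169
2015-06-14 11:33:55,499 fail2ban.filter [28524]: INFO [sshd] Found 43.255.188.169
2015-06-14 11:33:56,092 fail2ban.actions [28524]: NOTICE [sshd] 43.255.188.169 already banned
"""

LINE = re.compile(r"^(\S+ \S+) fail2ban\.\w+\s+\[\d+\]:\s+\w+\s+\[([^\]]+)\]\s+(.*)$")
# Newer fail2ban versions append " - <timestamp>" to Found lines.
EVENT = re.compile(r"^(?:(Found|Ban|Unban) (\S+)(?: - .*)?|(\S+) (already banned))$")

def find_leaking_bans(log_text):
    """Return {(jail, ip): counters} for IPs still seen by the filter while banned."""
    banned = set()
    stats = defaultdict(lambda: {"found_while_banned": 0, "already_banned": 0})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        ev = EVENT.match(m.group(3)) if m else None
        if not ev:
            continue  # unrelated or malformed line
        action, ip = (ev.group(1), ev.group(2)) if ev.group(1) else (ev.group(4), ev.group(3))
        key = (m.group(2), ip)
        if action == "Ban":
            banned.add(key)
        elif action == "Unban":
            banned.discard(key)
        elif action == "already banned":
            # fail2ban reports an active ban even if the Ban line is outside the excerpt
            banned.add(key)
            stats[key]["already_banned"] += 1
        elif key in banned:  # "Found" after a ban: the traffic still reaches sshd
            stats[key]["found_while_banned"] += 1
    return dict(stats)

if __name__ == "__main__":
    for (jail, ip), s in find_leaking_bans(SAMPLE_LOG).items():
        print(f"[{jail}] {ip}: {s}")
```

Any address this returns is one the jail considers banned while the filter still sees its login attempts, so the next thing to inspect is whether the jail's ban action actually inserted a rule on the path those connections take.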
