[Fail2ban-users] Already banned

Michael Grant Wed, 24 Jun 2015 02:31:00 -0700

I see a lot of these Already Banned messages in my fail2ban log.  For
example


[sshd]
maxretry = 9
enabled  = true

2015-06-24 04:34:04,500 fail2ban.filter         [3210]: INFO    [sshd]
Found 113.195.145.70
2015-06-24 04:34:04,521 fail2ban.filter         [3210]: INFO    [sshd]
Found 113.195.145.70
2015-06-24 04:34:04,521 fail2ban.filter         [3210]: INFO    [sshd]
Found 113.195.145.70
2015-06-24 04:34:04,522 fail2ban.filter         [3210]: INFO    [sshd]
Found 113.195.145.70
2015-06-24 04:34:04,524 fail2ban.filter         [3210]: INFO    [sshd]
Found 113.195.145.70
2015-06-24 04:34:04,524 fail2ban.filter         [3210]: INFO    [sshd]
Found 113.195.145.70
2015-06-24 04:34:04,525 fail2ban.filter         [3210]: INFO    [sshd]
Found 113.195.145.70
2015-06-24 04:34:04,525 fail2ban.filter         [3210]: INFO    [sshd]
Found 113.195.145.70
2015-06-24 04:34:04,529 fail2ban.filter         [3210]: INFO    [sshd]
Found 113.195.145.70
2015-06-24 04:34:04,529 fail2ban.filter         [3210]: INFO    [sshd]
Found 113.195.145.70

... then about a minute later...

2015-06-24 04:35:07,931 fail2ban.actions        [3210]: NOTICE  [sshd] Ban
113.195.145.70

... then about 6 minutes later...

2015-06-24 04:41:25,105 fail2ban.actions        [3210]: NOTICE  [sshd]
113.195.145.70 already banned
2015-06-24 04:41:42,704 fail2ban.filter         [3210]: INFO
 [pam-generic] Found 113.195.145.70
2015-06-24 04:41:42,720 fail2ban.filter         [3210]: INFO
 [pam-generic] Found 113.195.145.70
2015-06-24 04:41:42,720 fail2ban.filter         [3210]: INFO
 [pam-generic] Found 113.195.145.70

I see this a lot, not any one jail.  Is this because of the threaded nature
of fail2ban that it is queuing up things to another thread?

When I see Already Banned, it makes me wonder if it didn't really ban it
the first time.

Here's a second example that plays itself out over a half hour:

2015-06-24 04:34:26,785 fail2ban.actions        [3210]: NOTICE
 [apache-noscript] Ban 192.111.146.34
2015-06-24 04:56:07,436 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:56:07,436 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:56:12,921 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:56:13,589 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:56:13,589 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:56:14,088 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:56:14,089 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:57:26,894 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:57:26,894 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:58:45,453 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:59:09,863 fail2ban.actions        [3210]: NOTICE
 [apache-badbots] Ban 192.111.146.34
2015-06-24 04:59:15,940 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:59:21,778 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:59:21,779 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:59:21,779 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:59:21,779 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:59:21,779 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:59:21,780 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:59:21,780 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:59:21,780 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 04:59:55,517 fail2ban.actions        [3210]: NOTICE
 [apache-badbots] 192.111.146.34 already banned
2015-06-24 04:59:57,451 fail2ban.actions        [3210]: NOTICE
 [apache-badbots] 192.111.146.34 already banned
2015-06-24 04:59:59,457 fail2ban.actions        [3210]: NOTICE
 [apache-badbots] 192.111.146.34 already banned
2015-06-24 05:00:00,579 fail2ban.actions        [3210]: NOTICE
 [apache-badbots] 192.111.146.34 already banned
2015-06-24 05:06:55,620 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 05:06:55,621 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 05:06:55,621 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 05:06:55,621 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 05:06:55,622 fail2ban.filter         [3210]: INFO
 [apache-badbots] Found 192.111.146.34
2015-06-24 05:06:56,665 fail2ban.actions        [3210]: NOTICE
 [apache-badbots] 192.111.146.34 already banned

------------------------------------------------------------------------------
Monitor 25 network devices or servers for free with OpManager!
OpManager is web-based network management software that monitors 
network devices and physical & virtual servers, alerts via email & sms 
for fault. Monitor 25 devices for free with no restriction. Download now
http://ad.doubleclick.net/ddm/clk/292181274;119417398;o

_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users

[Fail2ban-users] Already banned

Reply via email to