>An apparent script was going slowly through a list of accounts, and one-by-one, >testing each one, and failing. Then over time it would repeat. Same accounts, >but a different one each time it attempted to get the correct password.
>While no accounts have been compromised, I see there are a LOT of fails, and >there is no ban because it is not trying the same account in consecutive tries. >Any means to stop this from continuing? Fail2ban is not based on consecutive tries. It is based on "maxretry" tries within "findtime" time interval. If you adjust your filter regex to ignore which account they are trying, you should be able to pick a maxretry and findtime value that will identify the offender. Michael ------------------------------------------------------------------------------ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
