Fail2ban longer distance

Hello. I have a dilemma. I find in the fail2ban.log log IPs that try to log in but at a longer distance.

2023-03-12 19:11:52,383 fail2ban.filter [1302]: INFO [wordpress] Found - 2023-03-12 19:11:52
2023-03-14 13:51:02,638 fail2ban.filter [446124]: INFO [wordpress] Found - 2023-03-14 13:51:02

enabled = true
port = http,https
filter = wordpress
action = iptables-multiport[name=wordpress, port=“http,https”, protocol=tcp]
logpath = /var/log/nginx/domains/*.log
maxretry = 2
findtime = 3600
bantime = 86400
Can it be adjusted? Thank you.
It’s the first time I’m posting. Thanks to the Hestia team, you are doing a great job.

Increase the find time

findtime = 3600

Thank you eris

Personally I would just don’t change it. Most likely the ip is already banned for 24 hours before. Fail2ban preforms the best as burteforce detection ban banning those requests…

So the way it is configured now is fine. ok

Check how does the recidive rule work.

1 Like