Fail2ban longer distance

mih · March 15, 2023, 9:45am

Hello. I have a dilemma. I find in the fail2ban.log log IPs that try to log in but at a longer distance.

2023-03-12 19:11:52,383 fail2ban.filter [1302]: INFO [wordpress] Found 128.199.14.4 - 2023-03-12 19:11:52
2023-03-14 13:51:02,638 fail2ban.filter [446124]: INFO [wordpress] Found 128.199.14.4 - 2023-03-14 13:51:02

jail.local
[wordpress]
enabled = true
port = http,https
filter = wordpress
action = iptables-multiport[name=wordpress, port=“http,https”, protocol=tcp]
logpath = /var/log/nginx/domains/*.log
maxretry = 2
findtime = 3600
bantime = 86400
Can it be adjusted? Thank you.
It’s the first time I’m posting. Thanks to the Hestia team, you are doing a great job.

eris · March 15, 2023, 9:49am

Increase the find time

findtime = 3600

mih · March 15, 2023, 9:57am

Thank you eris

eris · March 15, 2023, 10:01am

Personally I would just don’t change it. Most likely the ip is already banned for 24 hours before. Fail2ban preforms the best as burteforce detection ban banning those requests…

mih · March 15, 2023, 10:07am

So the way it is configured now is fine. ok

jlguerrero · March 15, 2023, 12:31pm

Check how does the recidive rule work.

system · April 14, 2023, 12:31pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.