I have tried to search everywhere and never got an answer.
Why do the firewall auto remove its auto banned IPs?
Wouldnt it be safer? Or the logs and list will be bombarded overtime? If so, is there a way to auto ban the IPs longer than the default one (which is how long?)
Ips are banned for an increasing time.
Also if an user accidentally got banned he won’t be able to login after xx min
Is this covered in /etc/fail2ban/jail.local with some default pulled from /etc/fail2ban/jail.conf ?
specifically with hestia login failures:
jail.local
[hestia-iptables]
enabled = true
filter = hestia
action = hestia[name=HESTIA]
logpath = /var/log/hestia/auth.log
maxretry = 5
It takes 5 bad attempts(jail.local), within 10 minutes(jail.conf), to ban you for 10 minutes(jail.conf).
then if it continues the recidive filter kicks in(jail.local)
[recidive]
enabled = true
filter = recidive
action = hestia[name=RECIDIVE]
logpath = /var/log/fail2ban.log
maxretry = 5
findtime = 86400
bantime = 864000
if they are banned 5 times within 86400 seconds (24 hrs), then they are banned for 864000 secondes (240 hrs ).
and these values can be modified and fail2ban restarted to take effect.
thanks
With 8 chars password there are about
2.1834011e+14 combinations possible
With 25 failed login attempts ip is banned for 10 days
I don’t think it is reasonable users are able to via Hestia
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.