My Community Dashboard

Sam Gann
View Full Profile
  • Sam Gann
    Sam Gann replied to a discussion, Attack Detector post-sasl

    Here some more logs from failtoban.

    Same Ip's 91.200 still not banned.

    016-12-24 09:46:03,906 fail2ban.filter [2388]: INFO [postfix-sasl] Found 91.200.12.125
    2016-12-24 09:55:29,093 fail2ban.filter [2388]: INFO [postfix-sasl] Found 91.200.12.125
    2016-12-24 10:04:55,831 fail2ban.filter [2388]: INFO [postfix-sasl] Found 91.200.12.125
    2016-12-24 10:14:18,209 fail2ban.filter [2388]: INFO [postfix-sasl] Found 91.200.12.125
    2016-12-24 10:23:45,221 fail2ban.filter [2388]: INFO [postfix-sasl] Found 91.200.12.125
    2016-12-24 10:30:35,719 fail2ban.filter [2388]: INFO [postfix-sasl] Found 80.82.77.83
    2016-12-24 10:33:10,111 fail2ban.filter [2388]: INFO [postfix-sasl] Found 91.200.12.125
    2016-12-24 10:35:23,331 fail2ban.filter [2388]: INFO [postfix-sasl] Found 195.22.126.189
    2016-12-24 10:42:38,876 fail2ban.filter [2388]: INFO [postfix-sasl] Found 91.200.12.125
    2016-12-24 10:52:04,747 fail2ban.filter [2388]: INFO [postfix-sasl] Found 91.200.12.125
    2016-12-24 11:01:32,891 fail2ban.filter [2388]: INFO [postfix-sasl] Found 91.200.12.125
    2016-12-24 11:10:57,444 fail2ban.filter [2388]: INFO [postfix-sasl] Found 91.200.12.125
    2016-12-24 11:20:23,320 fail2ban.filter [2388]: INFO [postfix-sasl] Found 91.200.12.125
    2016-12-24 11:24:28,181 fail2ban.filter [2388]: INFO [postfix-sasl] Found 80.82.77.83
    2016-12-24 11:29:45,723 fail2ban.filter [2388]: INFO [postfix-sasl] Found 91.200.12.125
    2016-12-24 11:39:13,256 fail2ban.filter [2388]: INFO [postfix-sasl] Found 91.200.12.125
    2016-12-24 11:48:37,463 fail2ban.filter [2388]: INFO [postfix-sasl] Found 91.200.12.125
    2016-12-24 12:14:42,429 fail2ban.server [2388]: INFO Stopping all jails
    2016-12-24 12:14:42,542 fail2ban.action [2388]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports smtp,465,submission,imap3,imaps,pop3,pop3s -j f2b-postfix-sasl
    iptables -w -F f2b-postfix-sasl
    iptables -w -X f2b-postfix-sasl -- stdout: ''
    2016-12-24 12:14:42,542 fail2ban.action [2388]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports smtp,465,submission,imap3,imaps,pop3,pop3s -j f2b-postfix-sasl
    iptables -w -F f2b-postfix-sasl
    iptables -w -X f2b-postfix-sasl -- stderr: "iptables v1.4.21: Couldn't load target `f2b-postfix-sasl':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\n"
    2016-12-24 12:14:42,543 fail2ban.action [2388]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports smtp,465,submission,imap3,imaps,pop3,pop3s -j f2b-postfix-sasl
    iptables -w -F f2b-postfix-sasl
    iptables -w -X f2b-postfix-sasl -- returned 1
    2016-12-24 12:14:42,543 fail2ban.actions [2388]: ERROR Failed to stop jail 'postfix-sasl' action 'iptables-multiport': Error stopping action
    2016-12-24 12:14:43,368 fail2ban.jail [2388]: INFO Jail 'postfix-sasl' stopped
    2016-12-24 12:14:43,541 fail2ban.action [2388]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports ssh -j f2b-sshd
    iptables -w -F f2b-sshd
    iptables -w -X f2b-sshd -- stdout: ''
    2016-12-24 12:14:43,541 fail2ban.action [2388]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports ssh -j f2b-sshd
    iptables -w -F f2b-sshd
    iptables -w -X f2b-sshd -- stderr: "iptables v1.4.21: Couldn't load target `f2b-sshd':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\n"
    2016-12-24 12:14:43,542 fail2ban.action [2388]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports ssh -j f2b-sshd
    iptables -w -F f2b-sshd
    iptables -w -X f2b-sshd -- returned 1
    2016-12-24 12:14:43,542 fail2ban.actions [2388]: ERROR Failed to stop jail 'sshd' action 'iptables-multiport': Error stopping action
    2016-12-24 12:14:44,369 fail2ban.jail [2388]: INFO Jail 'sshd' stopped
    2016-12-24 12:14:44,539 fail2ban.action [2388]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports ssh -j f2b-sshd-ddos
    iptables -w -F f2b-sshd-ddos
    iptables -w -X f2b-sshd-ddos -- stdout: ''
    2016-12-24 12:14:44,540 fail2ban.action [2388]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports ssh -j f2b-sshd-ddos
    iptables -w -F f2b-sshd-ddos
    iptables -w -X f2b-sshd-ddos -- stderr: "iptables v1.4.21: Couldn't load target `f2b-sshd-ddos':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\n"
    2016-12-24 12:14:44,540 fail2ban.action [2388]: ERROR iptables -w -D INPUT -p tcp -m multiport --dports ssh -j f2b-sshd-ddos
    iptables -w -F f2b-sshd-ddos
    iptables -w -X f2b-sshd-ddos -- returned 1
    2016-12-24 12:14:44,540 fail2ban.actions [2388]: ERROR Failed to stop jail 'sshd-ddos' action 'iptables-multiport': Error stopping action
    2016-12-24 12:14:45,371 fail2ban.jail [2388]: INFO Jail 'sshd-ddos' stopped
    2016-12-24 12:14:45,376 fail2ban.server [2388]: INFO Exiting Fail2ban
    2016-12-24 12:14:49,750 fail2ban.server [6221]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.5
    2016-12-24 12:14:49,751 fail2ban.database [6221]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
    2016-12-24 12:14:49,753 fail2ban.jail [6221]: INFO Creating new jail 'sshd'
    2016-12-24 12:14:49,769 fail2ban.jail [6221]: INFO Jail 'sshd' uses systemd
    2016-12-24 12:14:49,790 fail2ban.jail [6221]: INFO Initiated 'systemd' backend
    2016-12-24 12:14:49,792 fail2ban.filter [6221]: INFO Set maxRetry = 5
    2016-12-24 12:14:49,793 fail2ban.actions [6221]: INFO Set banTime = 86400
    2016-12-24 12:14:49,793 fail2ban.filter [6221]: INFO Set findtime = 600
    2016-12-24 12:14:49,794 fail2ban.filter [6221]: INFO Set maxlines = 10
    2016-12-24 12:14:49,874 fail2ban.filtersystemd [6221]: INFO Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
    2016-12-24 12:14:49,885 fail2ban.jail [6221]: INFO Creating new jail 'sshd-ddos'
    2016-12-24 12:14:49,885 fail2ban.jail [6221]: INFO Jail 'sshd-ddos' uses systemd
    2016-12-24 12:14:49,886 fail2ban.jail [6221]: INFO Initiated 'systemd' backend
    2016-12-24 12:14:49,887 fail2ban.filter [6221]: INFO Set maxRetry = 5
    2016-12-24 12:14:49,888 fail2ban.actions [6221]: INFO Set banTime = 86400
    2016-12-24 12:14:49,888 fail2ban.filter [6221]: INFO Set findtime = 600
    2016-12-24 12:14:49,891 fail2ban.filtersystemd [6221]: INFO Added journal match for: '_SYSTEMD_UNIT=sshd.service + _COMM=sshd'
    2016-12-24 12:14:49,902 fail2ban.jail [6221]: INFO Creating new jail 'postfix-sasl'
    2016-12-24 12:14:49,902 fail2ban.jail [6221]: INFO Jail 'postfix-sasl' uses systemd
    2016-12-24 12:14:49,903 fail2ban.jail [6221]: INFO Initiated 'systemd' backend
    2016-12-24 12:14:49,904 fail2ban.filter [6221]: INFO Set maxRetry = 5
    2016-12-24 12:14:49,905 fail2ban.actions [6221]: INFO Set banTime = 86400
    2016-12-24 12:14:49,906 fail2ban.filter [6221]: INFO Set findtime = 600
    2016-12-24 12:14:49,911 fail2ban.filtersystemd [6221]: INFO Added journal match for: '_SYSTEMD_UNIT=postfix.service'
    2016-12-24 12:14:49,924 fail2ban.jail [6221]: INFO Jail 'sshd' started
    2016-12-24 12:14:49,928 fail2ban.jail [6221]: INFO Jail 'sshd-ddos' started
    2016-12-24 12:14:49,939 fail2ban.jail [6221]: INFO Jail 'postfix-sasl' started
    2016-12-24 12:18:09,078 fail2ban.filter [6221]: INFO [postfix-sasl] Found 80.82.77.83