GUI Fail2ban not working

This topic has 27 replies, 2 voices, and was last updated 2 years, 4 months ago by DannyLarsen.

Down

Post

- March 14, 2018 at 4:04 pm
- Quote
Up
0
Down

DannyLarsen
Participant

Ver 2.0.0-5

The Intrusion detection for the GUI login does not block access to the GUI

The fail2ban.log shows the incorrect login and the action of being block, the system also sends an email that the ip has been blocked

However I can still login from the blocked IP

Firewall and Intrution Detection are both enabled

Am I missing something?

Thank you

0

Viewing 15 replies - 1 through 15 (of 27 total)

1 2 →

Replies

- March 14, 2018 at 4:09 pm
- Quote
Up
0
Down

Jose Miguel Rivera
Keymaster

How many tries do you have configured?, are you sure that you reach the maximum tries?

By default the intrusion detection comes with 5 tries allowed. I test by my self, and is working as expected

0
- March 14, 2018 at 4:16 pm
- Quote
Up
0
Down

Jose Miguel Rivera
Keymaster

Check if the ip address that you are using is not in the whitelist

Screenshot_238.png

0
- March 14, 2018 at 4:25 pm
- Quote
Up
0
Down

DannyLarsen
Participant

It looks like this is a problem of the vps I am using, I tested on a real server and it works

Is it possible to define the venet in fail2ban on a vps so fail2ban can utilize it

0
- March 14, 2018 at 4:57 pm
- Quote
Up
0
Down

Jose Miguel Rivera
Keymaster

It looks like an issue, it happens when the email notifications are enabled, may you try with the email notifications disable in your VPS?

0
- March 14, 2018 at 8:36 pm
- Quote
Up
0
Down

DannyLarsen
Participant

I have removed the email entry in this field “And Send a Notification Email To”

Not sure if that is what you meant

Also I am finding that I have to refresh the page to see the Ban List, the banned addresses show up there after a page refresh but are not blocked

0
- March 14, 2018 at 8:45 pm
- Quote
Up
0
Down

Jose Miguel Rivera
Keymaster
Try to update the VitalPBX Fail2ban config:

yum update vitalpbx-fail2ban-config

Let me know if that fix your issue

0
- March 14, 2018 at 8:58 pm
- Quote
Up
0
Down

DannyLarsen
Participant

It returns

“No packages marked for update”

0
- March 14, 2018 at 9:18 pm
- Quote
Up
0
Down

Jose Miguel Rivera
Keymaster
Yep, you must to clean cache first

yum clean all

rm -rf /var/cache/yum

yum update vitalpbx-fail2ban-config

0
- March 14, 2018 at 9:31 pm
- Quote
Up
0
Down

DannyLarsen
Participant

OK now updated to ver 1.0.0-3 shows the banned ip address but still lets me in

I disabled and enabled the service and tried logging in with a bad password 10 times (set for 5 max) still lets me access the login page and log in

0
- March 14, 2018 at 9:33 pm
- Quote
Up
0
Down

Jose Miguel Rivera
Keymaster

That only happens in your VPS? What kind of VPS do you have?

0
- March 14, 2018 at 9:35 pm
- Quote
Up
0
Down

DannyLarsen
Participant

woothosting cloud vps is the service

0
- March 14, 2018 at 9:36 pm
- Quote
Up
0
Down

Jose Miguel Rivera
Keymaster

is it a dedicated VPS? do you have full access to it?

0
- March 14, 2018 at 9:40 pm
- Quote
Up
0
Down

DannyLarsen
Participant

It may be shared with my other vps on the same service

Yes I have full access ssh etc…

0
- March 14, 2018 at 9:40 pm
- Quote
Up
0
Down

DannyLarsen
Participant

But each has a static public ip address

0
- March 14, 2018 at 10:55 pm
- Quote
Up
0
Down

Jose Miguel Rivera
Keymaster
Try the following:

yum install -y fail2ban-systemd fail2ban-firewalld python-inotify
systemctl restart fail2ban

Then post the result of the following command:

fail2ban-client get vitalpbx-gui logpath

0