outroll / vesta

VESTA Control Panel
http://vestacp.com
GNU General Public License v3.0

Weird Fail2Ban Issue - It bans Vesta #2003

Open muratcesmecioglu opened 4 years ago

muratcesmecioglu commented 4 years ago

Operating System (OS/VERSION):

CentOS 7.6.1810(x86_64)

VestaCP Version:

Version:0.9.8 (x86_64) | Release:25

Installed Software (what you got with the installer):

php-fpm, apache, nginx, mysql

Steps to Reproduce:

I don't know

Related Issues/Forum Threads:

When my server restarts, fail2ban bans VESTA, FTP, SSH. So none of my sites work, and I can't open the Vesta login page. I can't find out why and I don't know how to find out. I did not make any changes recently. It appears out of nowhere.

Other Notes:

Some logs and files

cat /etc/fail2ban/jail.local

```
[ssh-iptables]
enabled  = true
filter   = sshd
action   = vesta[name=SSH]
logpath  = /var/log/secure
maxretry = 5

[vsftpd-iptables]
enabled  = true
filter   = vsftpd
action   = vesta[name=FTP]
logpath  = /var/log/vsftpd.log
maxretry = 5

[exim-iptables]
enabled = true
filter  = exim
action  = vesta[name=MAIL]
logpath = /var/log/exim/main.log

[dovecot-iptables]
enabled = true
filter  = dovecot
action  = vesta[name=MAIL]
logpath = /var/log/dovecot.log

[mysqld-iptables]
enabled  = false
filter   = mysqld-auth
action   = vesta[name=DB]
logpath  = /var/log/mysqld.log
maxretry = 5

[vesta-iptables]
enabled  = true
filter   = vesta
action   = vesta[name=VESTA]
logpath  = /var/log/vesta/auth.log
maxretry = 5
```


cat /var/log/vesta/auth.log

```
2020-02-29 22:16:42 admin 85.103.110.25 successfully logged in
2020-03-03 05:39:11 admin 78.189.22.116 successfully logged in
2020-03-22 20:57:24 admin 85.103.108.140 successfully logged in
2020-03-31 05:38:20 admin 85.111.55.14 successfully logged in
2020-04-26 10:51:50 admin 85.111.55.14 successfully logged in
2020-04-27 12:16:23 admin 78.189.22.116 successfully logged in
```

-> There is no failed attempt in vesta logins.


cat /var/log/vesta/system.log

```
2020-04-27 12:09:08 v-add-firewall-ban '51.15.99.106' 'SSH'
2020-04-27 12:11:16 v-delete-firewall-ban '203.98.76.172' 'SSH'
2020-04-27 12:11:19 v-add-firewall-chain 'SSH'
2020-04-27 12:11:19 v-add-firewall-ban '35.224.121.138' 'SSH'
2020-04-27 12:12:12 v-delete-firewall-ban '157.230.226.254' 'SSH'
2020-04-27 12:13:05 v-add-firewall-chain 'SSH'
2020-04-27 12:13:05 v-add-firewall-ban '106.12.121.189' 'SSH'
2020-04-27 12:13:06 v-delete-firewall-ban '14.225.7.45' 'SSH'
2020-04-27 12:14:41 v-delete-firewall-ban '120.31.143.254' 'SSH'
2020-04-27 12:14:41 v-delete-firewall-ban '213.145.145.34' 'SSH'
2020-04-27 12:15:19 v-delete-firewall-ban '218.201.102.250' 'SSH'
2020-04-27 12:16:26 v-delete-firewall-ban '101.71.129.89' 'SSH'
2020-04-27 12:17:17 v-delete-firewall-chain 'VESTA'
2020-04-27 12:17:18 v-delete-firewall-chain 'FTP'
2020-04-27 12:17:19 v-delete-firewall-chain 'MAIL'
2020-04-27 12:17:20 v-delete-firewall-chain 'MAIL'
2020-04-27 12:17:21 v-delete-firewall-ban '77.55.214.135' 'SSH'
2020-04-27 12:17:21 v-delete-firewall-ban '178.128.94.116' 'SSH'
2020-04-27 12:17:22 v-delete-firewall-ban '51.15.99.106' 'SSH'
2020-04-27 12:17:22 v-delete-firewall-ban '35.224.121.138' 'SSH'
2020-04-27 12:17:22 v-delete-firewall-ban '106.12.121.189' 'SSH'
2020-04-27 12:17:22 v-delete-firewall-chain 'SSH'
2020-04-27 12:17:39 v-add-firewall-chain 'SSH'
2020-04-27 12:17:39 v-add-firewall-chain 'MAIL'
2020-04-27 12:17:39 v-add-firewall-chain 'MAIL'
2020-04-27 12:17:39 v-add-firewall-chain 'VESTA'
2020-04-27 12:17:40 v-add-firewall-chain 'FTP'
2020-04-27 12:17:40 v-add-firewall-chain 'SSH'
2020-04-27 12:17:40 v-add-firewall-ban '106.12.121.189' 'SSH'
2020-04-27 12:17:40 v-add-firewall-chain 'SSH'
2020-04-27 12:17:40 v-add-firewall-ban '178.128.94.116' 'SSH'
2020-04-27 12:17:40 v-add-firewall-chain 'SSH'
2020-04-27 12:17:40 v-add-firewall-ban '35.224.121.138' 'SSH'
2020-04-27 12:17:41 v-add-firewall-chain 'SSH'
2020-04-27 12:17:41 v-add-firewall-ban '51.15.99.106' 'SSH'
2020-04-27 12:17:41 v-add-firewall-chain 'SSH'
2020-04-27 12:17:41 v-add-firewall-ban '77.55.214.135' 'SSH'
2020-04-27 12:27:40 v-delete-firewall-ban '106.12.121.189' 'SSH'
```

-> It started yesterday...


Why does fail2ban ban VESTA even though there is no failed attempt?
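As an added example (not part of the original issue and not VestaCP code), this script tallies the `v-*-firewall-*` events of a Vesta `system.log` per chain and lists the IPs still banned, which separates chains that were only created or deleted from chains that actually received a ban. The sample lines are a subset copied from the excerpt above; the function names are hypothetical, and the handling of chain deletion is an assumption marked in the code.

```python
import re
from collections import defaultdict

# Lines copied from the system.log excerpt in the issue (a subset).
SAMPLE = """\
2020-04-27 12:17:17 v-delete-firewall-chain 'VESTA'
2020-04-27 12:17:18 v-delete-firewall-chain 'FTP'
2020-04-27 12:17:22 v-delete-firewall-ban '106.12.121.189' 'SSH'
2020-04-27 12:17:22 v-delete-firewall-chain 'SSH'
2020-04-27 12:17:39 v-add-firewall-chain 'VESTA'
2020-04-27 12:17:40 v-add-firewall-chain 'FTP'
2020-04-27 12:17:40 v-add-firewall-chain 'SSH'
2020-04-27 12:17:40 v-add-firewall-ban '106.12.121.189' 'SSH'
2020-04-27 12:17:41 v-add-firewall-ban '51.15.99.106' 'SSH'
2020-04-27 12:27:40 v-delete-firewall-ban '106.12.121.189' 'SSH'
"""

# Groups: timestamp, add|delete, ban|chain, optional quoted IP, chain name.
EVENT = re.compile(r"^(\S+ \S+) v-(add|delete)-firewall-(ban|chain)"
                   r"(?: '([^']+)')? '([^']+)'$")

def summarize(text):
    """Return (event counts per chain, IPs still banned per chain)."""
    counts = defaultdict(lambda: defaultdict(int))
    active = defaultdict(set)
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # not a firewall helper call
        _, verb, kind, ip, chain = m.groups()
        counts[chain][f"{verb}-{kind}"] += 1
        if kind == "ban" and ip:
            if verb == "add":
                active[chain].add(ip)
            else:
                active[chain].discard(ip)
        elif kind == "chain" and verb == "delete":
            # Assumption: removing a chain also drops the bans held in it.
            active[chain].clear()
    return ({c: dict(e) for c, e in counts.items()},
            {c: sorted(ips) for c, ips in active.items() if ips})

def chains_without_bans(counts):
    """Chains that were only created/deleted and never given a ban."""
    return sorted(c for c, e in counts.items() if e.get("add-ban", 0) == 0)

if __name__ == "__main__":
    counts, active = summarize(SAMPLE)
    print(counts, active, "no bans for:", chains_without_bans(counts))
```

To run it against a real log, pass the file contents of `/var/log/vesta/system.log` to `summarize()` instead of `SAMPLE`.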

muratcesmecioglu commented 4 years ago

fail2ban log file (since last restart)

```
2020-04-28 14:55:39,542 fail2ban.server [865]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.7
2020-04-28 14:55:39,543 fail2ban.database [865]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2020-04-28 14:55:39,547 fail2ban.jail [865]: INFO Creating new jail 'ssh-iptables'
2020-04-28 14:55:39,551 fail2ban.jail [865]: INFO Jail 'ssh-iptables' uses poller {}
2020-04-28 14:55:39,590 fail2ban.jail [865]: INFO Initiated 'polling' backend
2020-04-28 14:55:39,593 fail2ban.filter [865]: INFO Added logfile = /var/log/secure
2020-04-28 14:55:39,593 fail2ban.filter [865]: INFO Set maxRetry = 5
2020-04-28 14:55:39,595 fail2ban.filter [865]: INFO Set jail log file encoding to ANSI_X3.4-1968
2020-04-28 14:55:39,595 fail2ban.actions [865]: INFO Set banTime = 600
2020-04-28 14:55:39,596 fail2ban.filter [865]: INFO Set findtime = 600
2020-04-28 14:55:39,597 fail2ban.filter [865]: INFO Set maxlines = 10
2020-04-28 14:55:39,797 fail2ban.server [865]: INFO Jail ssh-iptables is not a JournalFilter instance
2020-04-28 14:55:39,804 fail2ban.jail [865]: INFO Creating new jail 'vsftpd-iptables'
2020-04-28 14:55:39,806 fail2ban.jail [865]: INFO Jail 'vsftpd-iptables' uses poller {}
2020-04-28 14:55:39,808 fail2ban.jail [865]: INFO Initiated 'polling' backend
2020-04-28 14:55:39,810 fail2ban.filter [865]: INFO Added logfile = /var/log/vsftpd.log
2020-04-28 14:55:39,811 fail2ban.filter [865]: INFO Set maxRetry = 5
2020-04-28 14:55:39,812 fail2ban.filter [865]: INFO Set jail log file encoding to ANSI_X3.4-1968
2020-04-28 14:55:39,813 fail2ban.actions [865]: INFO Set banTime = 600
2020-04-28 14:55:39,814 fail2ban.filter [865]: INFO Set findtime = 600
2020-04-28 14:55:39,827 fail2ban.jail [865]: INFO Creating new jail 'exim-iptables'
2020-04-28 14:55:39,828 fail2ban.jail [865]: INFO Jail 'exim-iptables' uses poller {}
2020-04-28 14:55:39,830 fail2ban.jail [865]: INFO Initiated 'polling' backend
2020-04-28 14:55:39,832 fail2ban.filter [865]: INFO Added logfile = /var/log/exim/main.log
2020-04-28 14:55:39,833 fail2ban.filter [865]: INFO Set maxRetry = 5
2020-04-28 14:55:39,834 fail2ban.filter [865]: INFO Set jail log file encoding to ANSI_X3.4-1968
2020-04-28 14:55:39,835 fail2ban.actions [865]: INFO Set banTime = 600
2020-04-28 14:55:39,836 fail2ban.filter [865]: INFO Set findtime = 600
2020-04-28 14:55:39,900 fail2ban.jail [865]: INFO Creating new jail 'dovecot-iptables'
2020-04-28 14:55:39,902 fail2ban.jail [865]: INFO Jail 'dovecot-iptables' uses poller {}
2020-04-28 14:55:39,905 fail2ban.jail [865]: INFO Initiated 'polling' backend
2020-04-28 14:55:39,909 fail2ban.filter [865]: INFO Added logfile = /var/log/dovecot.log
2020-04-28 14:55:39,910 fail2ban.filter [865]: INFO Set maxRetry = 5
2020-04-28 14:55:39,912 fail2ban.filter [865]: INFO Set jail log file encoding to ANSI_X3.4-1968
2020-04-28 14:55:39,913 fail2ban.actions [865]: INFO Set banTime = 600
2020-04-28 14:55:39,914 fail2ban.filter [865]: INFO Set findtime = 600
2020-04-28 14:55:39,983 fail2ban.server [865]: INFO Jail dovecot-iptables is not a JournalFilter instance
2020-04-28 14:55:39,988 fail2ban.jail [865]: INFO Creating new jail 'vesta-iptables'
2020-04-28 14:55:39,989 fail2ban.jail [865]: INFO Jail 'vesta-iptables' uses poller {}
2020-04-28 14:55:39,991 fail2ban.jail [865]: INFO Initiated 'polling' backend
2020-04-28 14:55:39,993 fail2ban.filter [865]: INFO Added logfile = /var/log/vesta/auth.log
2020-04-28 14:55:39,994 fail2ban.filter [865]: INFO Set maxRetry = 5
2020-04-28 14:55:39,995 fail2ban.filter [865]: INFO Set jail log file encoding to ANSI_X3.4-1968
2020-04-28 14:55:39,996 fail2ban.actions [865]: INFO Set banTime = 600
2020-04-28 14:55:39,997 fail2ban.filter [865]: INFO Set findtime = 600
2020-04-28 14:55:40,008 fail2ban.jail [865]: INFO Jail 'ssh-iptables' started
2020-04-28 14:55:40,024 fail2ban.jail [865]: INFO Jail 'vsftpd-iptables' started
2020-04-28 14:55:40,045 fail2ban.jail [865]: INFO Jail 'exim-iptables' started
2020-04-28 14:55:40,063 fail2ban.jail [865]: INFO Jail 'dovecot-iptables' started
2020-04-28 14:55:40,086 fail2ban.jail [865]: INFO Jail 'vesta-iptables' started
```

meksiabdou commented 4 years ago

Same problem in Ubuntu 18.04.