Help my IP is getting banned!

Status
Not open for further replies.

sbenwellp

Hello all, my IP seems to be getting banned by fail2ban, I believe. Any ideas how I can sort out the problem and find out what is causing it? I found myself in iptables -L. It works from my office location; just home is getting blocked. Image attached.

Thank youuuuu
 

Attachment: 111111.png

sbenwellp

FYI, it looks like it's totally blocked the IP for SSH, web access, SIP, etc. The only way I could get to the server was to VPN to my office.
 

sbenwellp

It's also under Chain f2b-sshd.

Is there a way to find out why fail2ban has blocked it before I whitelist? Keen to find what the problem was. Thank you for your quick reply.
 

jackurke

You could check the log at /var/log/fail2ban.log

cat /var/log/fail2ban.log | grep {ip}
 

sbenwellp

Thanks, I have attached the log output,

From this IP I have an ATA, a Fanvil VoIP phone, and I would have been home when the IP was banned with my phone, which has GS Wave installed. Does anyone have any idea what would be causing it to ban?
 

Attachment: Home IP Ban.txt

smn

As someone else mentioned, add your Home IP to ignoreip= and restart fail2ban.
 

smn

sbenwellp said: "It's also under Chain f2b-sshd. Is there a way to find out why fail2ban has blocked it before I whitelist? Keen to find what the problem was. Thank you for your quick reply."

In addition to the fail2ban log, check /var/log/nginx/access.log and error.log, and /var/log/auth.log.
 

sbenwellp

smn said: "As someone else mentioned, add your Home IP to ignoreip= and restart fail2ban."

Thanks smn, I have done that,

but as I said, I'm interested in trying to find out what caused it rather than just covering it up and forgetting about it. What are the common triggers for fail2ban to block an IP?
 

sbenwellp

smn said: "In addition to the fail2ban log, check /var/log/nginx/access.log and error.log, and /var/log/auth.log."

I've had a look through and there isn't anything in the logs before today :/ The only one that had something was the f2b log, which I attached.
 

JamesBorne

Even when your IP is on the line ignoreip=, it will still end up in the file /var/log/fail2ban.log.
E.g. [nginx-dos] Ignore 127.0.0.1 by ip

You will still be able to see what is triggering the ban in the future @sbenwellp.
This comes down to basic admin.
Manually check those files to spot the ban, or create triggers to catch them in all the files mentioned above!
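
Added example, not part of any post in this thread: a per-jail summary of what fail2ban logged for one address, building on the grep suggested above and on the point that Ignore entries keep appearing after whitelisting. The function names f2b_summary and f2b_sample are hypothetical, and the sample log lines are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example: per-jail summary of fail2ban.log events for one address.
# Usage: f2b_summary IP [LOGFILE|-]   (function names are hypothetical)
f2b_summary() {
    awk -v ip="$1" '
    {
        # Look for "[jail] Action IP". The PID field "[912]:" ends in a
        # colon, so it is not mistaken for a jail name.
        for (i = 3; i + 2 <= NF; i++) {
            if (substr($i, 1, 1) != "[" || substr($i, length($i)) != "]") continue
            if ($(i+1) !~ /^(Found|Ban|Unban|Ignore)$/) continue
            if ($(i+2) != ip) continue
            key = substr($i, 2, length($i) - 2) " " $(i+1)
            stamp = $1 "T" $2
            if (!(key in n)) first[key] = stamp
            n[key]++
            last[key] = stamp
            break
        }
    }
    END {
        for (key in n)
            printf "%s count=%d first=%s last=%s\n", key, n[key], first[key], last[key]
    }' "${2:-/var/log/fail2ban.log}" | sort
}

# Constructed sample lines in the fail2ban.log layout (documentation IPs).
f2b_sample() {
    cat <<'EOF'
2019-05-19 18:02:11,104 fail2ban.filter  [912]: INFO    [sshd] Found 203.0.113.7 - 2019-05-19 18:02:11
2019-05-19 18:02:14,310 fail2ban.filter  [912]: INFO    [sshd] Found 203.0.113.7 - 2019-05-19 18:02:14
2019-05-19 18:02:15,001 fail2ban.filter  [912]: INFO    [sshd] Found 198.51.100.9 - 2019-05-19 18:02:15
2019-05-19 18:02:19,870 fail2ban.filter  [912]: INFO    [sshd] Found 203.0.113.7 - 2019-05-19 18:02:19
2019-05-19 18:02:20,112 fail2ban.actions [912]: NOTICE  [sshd] Ban 203.0.113.7
2019-05-20 09:15:42,538 fail2ban.filter  [912]: INFO    [nginx-dos] Ignore 203.0.113.7 by ip
EOF
}

# Demo on the constructed sample; on a server, pass only the address.
f2b_sample | f2b_summary 203.0.113.7 -
```

The jail name on the Found lines identifies which filter matched before the Ban, and Ignore lines show the same for a whitelisted address.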
 