Need some sos with fail2ban trying to add trusted domains

chacho · September 23, 2018, 11:50am

can someone shed light what is wrong with this ?
today i have over 20 entires but my test does not find them 0 hits
added picture as host disappeared
[Definition]

failregex={.*"Trusted domain error. “’)”}

ignoreregex =

Running tests

Use failregex filter file : myfilter, basedir: /etc/fail2ban
Use log file : /var/www/html/owncloud/data/owncloud.log
Use encoding : UTF-8

Results

Failregex: 0 total

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
| [405] Year-Month-Day[T ]24hour:Minute:Second(?:.Microseconds)?(?:Zone offset)?
`-

Lines: 405 lines, 0 ignored, 0 matched, 405 missed
[processed in 0.22 sec]

Missed line(s): too many to print. Use --print-all-missed to print all 405 lines

karakayasemi · September 23, 2018, 5:49pm

I know it is not answer of your question, but you can use this app https://marketplace.owncloud.com/apps/brute_force_protection for brute force protection instead of fail2ban. I hope it helps.

chacho · September 23, 2018, 7:04pm

does this also banned the trusded domain attacks

karakayasemi · September 23, 2018, 7:39pm

if you define trusted domain attacks to me, I can answer your question. it simply bans any ip after defined failed attempts.

chacho · September 23, 2018, 8:21pm

Didint expect that question

“reqId”:“pKcRS6b7H131udCNwvpW”,“level”:2,“time”:“2018-09-23T14:27:33-04:00”,“remoteAddr”:“190.109.165.85”,“user”:"–",“app”:“core”,“method”:“GET”,“url”:"/",“message”:“Trusted domain error. “190.109.165.85” tried to access using “removed :80” as host.”}

These are people trying to connect with ip since they are no good i want to banned them

Thanks for your help

tom42 · September 25, 2018, 10:46am

Hey,

i’m not sure but isn’t the configuration / setup of fail2ban not better placed in the fail2ban support forums?