Fail2Ban ProFTPd working filter and jail?

WholesaleDialup

WholesaleDialup

Verified User
Joined
Sep 25, 2004
Messages
178
Location
San Antonio, TX
I have been banging my head on this for hours. I have fail2ban working fine with Exim and SSH but can't for the life of me get it working with ProFTPd on my DA server.

I have tried everything I have found on Google which wasn't much.

Done tons of trial and error with the regex and so on.

Just wondering if someone that has it working can share their filter file contents and their jail config so I can get this working.

I know about all the DA integrated brute force tools but I had a big IP Tables mess and things were not getting blocked, SPAMMERS scumbags got in and caused me all sorts of trouble so now I want to use Fail2Ban so I can control and see a little more about what's happening.

Thanks in advance to anyone that can help.
 
Hi,
Maybe this can help you. This works fine on our DirectAdmin systems.

In jail.local (don't use jail.conf because it will be overwritten with updates) ...
[proftpd]

enabled = true
port = ftp,ftp-data,ftps,ftps-data
filter = proftpd
logpath = /var/log/proftpd/auth.log
maxretry = 4
findtime = 3600
bantime = 172800
Click to expand...

And make sure to make a file in /etc/fail2ban/filter.d, called proftpd.conf
# Fail2Ban configuration file
#
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
failregex = (.*) (.*) <HOST> (.*) (.*) 530

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
Click to expand...

Good luck. Hope this will work on your system!
 
Thanks HighFly!

I have since given up on Fail2Ban in favor of CSF which in my opinion is a WAY better solution, especially on DA systems. I ended up figured out what I needed to on Fail2ban but in the end, it just wasn't even close to the experience I had with CSF. Thanks again!
 
Ive edited your post because you wrote CFS but I believe you mean CSF. I'm in error please explain what CFS is and give us a link, and I'll re-edit your post if necessary.

Thanks.

Jeff
 
You must log in or register to reply here.
Back
Top