Configure fail2ban for phpmyadmin and roundcube

Post Reply
Posts: 5
Joined: Thu Mar 02, 2023 9:01 am

Brief instructions on how to set up fail2ban for phpmyadmin and roundcube.

Code: Select all

mcedit /etc/fail2ban/jail.local
If you uncomment #action = vesta[name=WEB] then we will have the opportunity to remove ip from the banlist, through vesta (firewall tab).
But you need to remember that if an ip is banned in phpmyadmin or roundcube, it will be banned on port 80, 443. Any resources on the server will not be available (and user sites). Except vesta port.

Code: Select all

enabled = true
filter  = phpmyadmin-syslog
#action  = vesta[name=WEB]
port    = http,https
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s
maxretry = 5

enabled = true
filter   = roundcube-auth
#action  = vesta[name=WEB]
port     = http,https
logpath  = /var/log/roundcube/errors.log
# Use following line in your jail.local if roundcube logs to journal.
#backend = %(syslog_backend)s
maxretry = 10
There is also a "BUG" with action = vesta[name=WEB]. After removing the ip in the vest, it will be removed from the firewall and will gain access. But in the fail2ban jail, the entry will remain. It should not be. Example: if you do

Code: Select all

service fail2ban restart
- ip will return to the ban again.

User avatar
Site Admin
Posts: 932
Joined: Fri Jun 19, 2020 9:59 am
Has thanked: 8 times
Been thanked: 6 times

Thanks a lot man.
Post Reply