How to check if fail2ban banned some IP

isscbta
Team Member

To find out whether an IP is banned, run the following as root in your SSH session:

grep '123.123.123.123' /var/log/vesta/system.log

If the output shows the current date and a line like this:

2022-08-30 11:10:27 v-add-firewall-ban  '123.123.123.123' 'servicename'

then this clearly indicates that the IP has been banned on the current day.

If you want to find the reason for the ban (if servicename = MAIL), run the following as root in your SSH session:

grep '123.123.123.123' /var/log/dovecot.log

and

grep '123.123.123.123' /var/log/exim4/mainlog

The reason for the ban is often a wrong password sent multiple times by a phone or desktop mail app. Output like this indicates that:

Aug 30 11:56:48 auth: Info: passwd-file([email protected],123.123.123.123): Password mismatch

How to whitelist an IP in fail2ban: viewtopic.php?f=26&t=631
How to check if a user has a wrong password in a mail client application: viewtopic.php?t=656

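Added example, not part of the original post: the same lookup with exact matching of the IP. In the grep commands above each dot is a regex wildcard and a shorter address also matches inside a longer one, so a search for 123.123.123.12 also returns lines for 123.123.123.123. The function names and sample log lines are constructed for illustration, and the log formats are assumed to match the lines shown in the post.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): exact-match ban lookup.

# ban_lines IP LOG -> "date time service" for each v-add-firewall-ban of IP.
# The quoted IP field is compared literally, so "." is not a wildcard and
# 123.123.123.12 does not also match 123.123.123.123.
ban_lines() {
    awk -v want="'$1'" -v q="'" '
        $3 == "v-add-firewall-ban" && $4 == want {
            gsub(q, "", $5); print $1, $2, $5
        }' "$2"
}

# mismatch_count IP LOG -> number of dovecot "Password mismatch" lines for IP.
# -F matches the string literally; the "," and ")" around the IP pin it.
mismatch_count() {
    grep -c -F -- ",$1): Password mismatch" "$2" || true
}

# ban_report IP SYSTEM_LOG DOVECOT_LOG -> one line per ban, with the failed
# login count appended when the banning service is MAIL.
ban_report() {
    ban_lines "$1" "$2" | while read -r day time svc; do
        if [ "$svc" = "MAIL" ]; then
            echo "$day $time $svc password_mismatches=$(mismatch_count "$1" "$3")"
        else
            echo "$day $time $svc"
        fi
    done
}

# Constructed sample logs (not real data), in the formats shown in the post.
demo=$(mktemp -d)
cat > "$demo/system.log" <<'EOF'
2022-08-30 11:10:27 v-add-firewall-ban  '123.123.123.123' 'MAIL'
2022-08-30 11:12:03 v-add-firewall-ban  '123.123.123.12' 'SSH'
EOF
cat > "$demo/dovecot.log" <<'EOF'
Aug 30 11:09:58 auth: Info: passwd-file(user@example.com,123.123.123.123): Password mismatch
Aug 30 11:10:11 auth: Info: passwd-file(user@example.com,123.123.123.123): Password mismatch
Aug 30 11:10:19 auth: Info: passwd-file(user@example.com,123.123.123.12): Password mismatch
EOF

ban_report 123.123.123.123 "$demo/system.log" "$demo/dovecot.log"
ban_report 123.123.123.12 "$demo/system.log" "$demo/dovecot.log"
```

On a real server, pass /var/log/vesta/system.log and /var/log/dovecot.log instead of the sample files.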