Page 1 of 1

How to check if fail2ban banned some IP

Posted: Tue Aug 30, 2022 12:07 pm
by isscbta
To find out if some IP is banned, in your SSH, as root, run:

Code: Select all

grep '123.123.123.123' /var/log/vesta/system.log
If as output you see the current date and this

Code: Select all

2022-08-30 11:10:27 v-add-firewall-ban  '123.123.123.123' 'servicename'
Then this clearly indicates that IP has been banned on that current day.

If you are interested to find a reason for this ban (if servicename = MAIL), in your SSH, as root, run:

Code: Select all

grep '123.123.123.123' /var/log/dovecot.log
&

Code: Select all

grep '123.123.123.123' /var/log/exim4/mainlog
The reason for the ban often can be the wrong password sent multiple times through some phone or desktop mail app. This output indicates that:

Code: Select all

Aug 30 11:56:48 auth: Info: passwd-file([email protected],123.123.123.123): Password mismatch
Here is how to whitelist some IP in fail2ban - viewtopic.php?f=26&t=631
How to check if some user has wrong password in mail client application - viewtopic.php?t=656